Huge ‘screw-up’ — Pump Science apologizes after flood of fraudulent tokens

Decentralized science platform Pump Science has apologized to its users after its private key was leaked on GitHub – allowing a “known attacker” to use the Pump.fun profile to create fraudulent tokens.

“We don't want to minimize how much of a problem this has been, we fully recognize that this is a huge problem on our end,” said Benji Leibowitz of Pump Science. On November 27.

“This will never happen again,” he said.

“We will not reset tokens on pump.fun.”

In previous X posts on November 25th and 26th, Pump Science revealed that the private keys associated with its pump.fun profile (Science) were leaked on GitHub, allowing the hacker to create new forged tokens including Urolitin B. to urolithin E (URO) and cocaine (COKE).

“Don't trust new tokens launched from the Science PumpFun profile,” Pump Science emphasized.

“These were not created by our team and this wallet is damaged.”

Since the incident, Pump Science has changed its Pump.fun profile to “dont_trust” to prevent people from buying any more fake tokens, and has partnered with blockchain security firm Blockaid to flag new mints from this address.

Pump Science accused Solana-based software firm BuilderZ of leaving the private key for the developer wallet address “T5j2U…jb8sc” in its GitHub codebase, mistakenly thinking that the private keys were for the test wallet and not the dev wallet.

The DeSci platform, however, tried to explain that the attacker could not have been BuilderZ because the method by which the tokens were brought onto the Solana chain was different.

Instead, PumpScience said it believes the hacker is the same person or group that hacked the wallet owned by James Pacheco, founder of Solana-based commodity token platform “elmnts.”

DeSci says it will conduct a “full audit” of the protocol front-end and future releases, bug bounty for penetration of the protocol, and the need for improved solutions for key management and security.

“New tokens will be launched on Pump Science after we have fully audited the app and smart contracts to ensure that Pump Science is secure. We hope to have it done by the holidays.”

Related: Decentralized science is like the first DeFi in 2019: Crypto VC

The PumpScience platform allows for trading of indications associated with longevity medicines.

Its two tokens are Rifampicin (RIF) and Urolithin A (URO), which boast market capitalizations of $85.6 million and $37.2 million, respectively, according to CoinGecko data.

Rifampin is used to treat tuberculosis, and urolithin A is a dietary supplement that modulates mitochondrial function and offers potential antioxidant and anti-inflammatory benefits.

Magazine: Anti-aging tycoon Brian Johnson almost gave his life to crypto