We do the research, you get the alpha!
Get exclusive reports and key insights on airports, NFTs and more! Sign up for Alpha Reports now and step up your game!
Go to Alpha Reports
Pump.fun, a popular tool for launching meme coins on Solana, encountered an exploit on Thursday that put the protocol at risk and prompted management to temporarily shut down the site. All the while, the apparent assailant behind the prank was bragging about it online.
The attack appears to have targeted Pamp.fun's accounts, called Bonding Curve contracts, which channel a substantial flow of tokens to Solana's decentralized exchange (DEX) Radium.
With the help of some couriers on the chain, with the help of a private key only an employee of Pamp.fun could access, the attacker diverted the funds allocated for the radium to unrelated wallet addresses.
Igor Igamberdiev, head of research at crypto market maker Wintermute, Estimate The attacker used this exploit to close at least $2 million worth of SOL.
But indirectly, the attacker immediately started depositing the stolen funds to random wallet addresses. The Pamp.fun loot seems to have picked out a handful of unwilling owners of Solana tokens and NFTs.
Within minutes of the attack, a former Pamp.fun employee claimed responsibility for the Twitter account. The user began to post widely and modestly, writing that he was not afraid of arrest and knew that his identity had been compromised.
“Goodbye everyone, this is a robbery,” the report read. “I am going to change the course of history. [And] Then he rots in prison. Am I healthy? Nah. i am fine? [Very] Not much. Do I need anything? My mother has risen from the dead.”
The account then began retweeting posts from grateful crypto users claiming to have received some of the stolen funds from the attacker's airdrops.
Decrypt He spoke to the self-proclaimed attacker to find out more about the exploit and his motivations for carrying it out.
“The threads are there, dig deep,” was the only response.
A few hours after the attack, Pump.fun announced that it has stopped trading on the protocol and is investigating the matter. The company intends to cooperate with law enforcement; The attacker is Canadian.
The self-identified Pump.fun attacker took to Twitter Spaces on Thursday afternoon to say that he had worked for Pump.fun for a few weeks, felt the company was being “horribly run” and had “personal grievances” with its actions. Company management.
When asked why he committed the theft, he was extremely blunt.
“I wanted to kill Pump.Fu because it was something I had to do,” he said. “Unexpectedly, it hurts people for a long time.”
Decrypt The attacker himself previously reached out to Pump.fun to confirm whether he worked for the company, but did not immediately receive a response.
While Pump.fun has seen huge trading volume over the last few months as the meme coin frenzy overtakes crypto, the crypto's more gambling-focused, purely speculative underbelly has drawn criticism.
The self-proclaimed Pump.fun hacker noted on Thursday — without providing any supporting details — that the company is on a downward trajectory that has helped accelerate it.
“Eventually, the way things were going, they were going to kill themselves,” he said.
A Spaces participant asked the man if he expected to be sent to prison for his actions.
“I'm sure there's a very good chance of that,” he replied.
Edited by Andrew Hayward.
Daily Debrief Newspaper
Start every day with top news stories, plus original features, podcasts, videos and more.
