SOL
by BSCN
May 17, 2024
The attacker used flash loans from Raydium to manipulate Pump[dot]Fun's bonding curves and withdraw liquidity.
Pump[dot]Fun, a Solana-based platform designed to streamline token launches, suffered a significant exploit on May 16, resulting in the loss of at least 12,300 SOL, worth approximately $2 million.
We are aware that the https://t.co/uE2QNKXkIT bonding curve contracts have been compromised and are investigating the matter.
— pump.fun (@pumpdotfun) May 16, 2024
We have upgraded the contracts so the attacker cannot siphon any more funds. The TVL in the protocol right now is safe.
We’ve paused trading — you…
The exploit began with the alleged attacker using flash loans from Raydium, a prominent Solana lending protocol.
Flash loans are a powerful DeFi tool, enabling users to execute transactions that would otherwise be impossible due to the need for large amounts of capital. However, they also pose significant risks, as demonstrated by this exploit.
Bonding curves, another key component of Pump[dot]Fun, determine the price of a token based on its supply. When a token fills its bonding curve, the liquidity is supposed to be burned to Raydium, allowing the token to start trading on the open market.
In this exploit, the hacker used MarginFi’s flash loan services to manipulate the bonding curves. By reaching 100% on these curves, they could access and withdraw the liquidity, meant for Raydium, and repay the flash loan, securing substantial profits.
The Pump[dot]Fun team upgraded their contracts to prevent further damage in response to the attack. They assured users that all connected wallets and tokens burned to Raydium are secure.
The team’s investigation suggested that a compromised private key facilitated the exploit, as Pump[dot]Fun’s service account cosigned all exploiter transactions.
Pump[dot]Fun has collaborated with law enforcement to investigate the breach.
However, Igor Igamberdiev, head of research at cryptocurrency market maker Wintermute, suggested that an internal private key leak caused the hack. He implicated X user “STACCoverflow,” who later identified himself as Jarett Reginald S Dunn.
Dunn claimed credit for the exploit in a series of unusual tweets, asserting that the stolen funds would be distributed to holders of various Solana tokens.
And now; Magick: everybody be cool, this is a r o b b e r y. What it do, staccattack? I'm about to change the course of history. n then rot in jail. am I sane? nah. am I well? v much not. do I want for anything? my mom raised from the dead n barring that: /x
— 🔥🪂staccoverflow ; j'arrête ; (@STACCoverflow) May 16, 2024
Various users on X have reported receiving token distributions from the hacker, though the criteria for these distributions remain unclear.
Pump[dot]Fun enables non-technical users to launch memecoins quickly and cost-effectively. The platform has facilitated the launch of hundreds of tokens on Blast and Solana, generating over $10 million in revenue last month alone, according to DeFiLlama.
Disclaimer
Disclaimer: The views expressed in this article do not necessarily represent the views of BSCNews. The information provided in this article is for educational and informational purposes only and should not be construed as investment advice. BSCNews assumes no responsibility for any investment decisions made based on the information provided in this article
Latest News
September 14, 2024
Weekly Article Recap: 9/09-9/13
September 13, 2024
MicroStrategy Buys Another $1.11B in Bitcoin, Reaches 244,800 BTC Holdings
September 13, 2024
ParaFi Capital Chooses Avalanche for Tokenization of its $1.2B Fund
September 13, 2024
Sky Protocol’s Recent Proposal Could Impact $200M Loans Backed by Wrapped Bitcoin: Report
September 13, 2024
Tether Faces Transparency Issues with its US Dollar Reserves: Report
September 12, 2024
eToro Limits U.S. Crypto Offerings to BTC, ETH, and BCH After $1.5M SEC Settlement
September 12, 2024
Searching for a Telegram Trading Bot? Maestro Might Be the Perfect Solution
September 12, 2024
FTX/Alameda Wallet Unstakes $24M SOL Amid Ongoing Investigations: Report