SOL
by BSCN
May 17, 2024
The attacker used flash loans from Raydium to manipulate Pump[dot]Fun's bonding curves and withdraw liquidity.
Pump[dot]Fun, a Solana-based platform designed to streamline token launches, suffered a significant exploit on May 16, resulting in the loss of at least 12,300 SOL, worth approximately $2 million.
We are aware that the https://t.co/uE2QNKXkIT bonding curve contracts have been compromised and are investigating the matter.
— pump.fun (@pumpdotfun) May 16, 2024
We have upgraded the contracts so the attacker cannot siphon any more funds. The TVL in the protocol right now is safe.
We’ve paused trading — you…
The exploit began with the alleged attacker using flash loans from Raydium, a prominent Solana lending protocol.
Flash loans are a powerful DeFi tool, enabling users to execute transactions that would otherwise be impossible due to the need for large amounts of capital. However, they also pose significant risks, as demonstrated by this exploit.
Bonding curves, another key component of Pump[dot]Fun, determine the price of a token based on its supply. When a token fills its bonding curve, the liquidity is supposed to be burned to Raydium, allowing the token to start trading on the open market.
In this exploit, the hacker used MarginFi’s flash loan services to manipulate the bonding curves. By reaching 100% on these curves, they could access and withdraw the liquidity, meant for Raydium, and repay the flash loan, securing substantial profits.
The Pump[dot]Fun team upgraded their contracts to prevent further damage in response to the attack. They assured users that all connected wallets and tokens burned to Raydium are secure.
The team’s investigation suggested that a compromised private key facilitated the exploit, as Pump[dot]Fun’s service account cosigned all exploiter transactions.
Pump[dot]Fun has collaborated with law enforcement to investigate the breach.
However, Igor Igamberdiev, head of research at cryptocurrency market maker Wintermute, suggested that an internal private key leak caused the hack. He implicated X user “STACCoverflow,” who later identified himself as Jarett Reginald S Dunn.
Dunn claimed credit for the exploit in a series of unusual tweets, asserting that the stolen funds would be distributed to holders of various Solana tokens.
And now; Magick: everybody be cool, this is a r o b b e r y. What it do, staccattack? I'm about to change the course of history. n then rot in jail. am I sane? nah. am I well? v much not. do I want for anything? my mom raised from the dead n barring that: /x
— 🔥🪂staccoverflow ; j'arrête ; (@STACCoverflow) May 16, 2024
Various users on X have reported receiving token distributions from the hacker, though the criteria for these distributions remain unclear.
Pump[dot]Fun enables non-technical users to launch memecoins quickly and cost-effectively. The platform has facilitated the launch of hundreds of tokens on Blast and Solana, generating over $10 million in revenue last month alone, according to DeFiLlama.
Disclaimer
Disclaimer: The views expressed in this article do not necessarily represent the views of BSCNews. The information provided in this article is for educational and informational purposes only and should not be construed as investment advice. BSCNews assumes no responsibility for any investment decisions made based on the information provided in this article
Latest News
3h : 40m ago
Shiba Inu Ecosystem and Turbo Memecoin Adopt Cross-Chain Token Standard with Chainlink CCIP
6h : 55m ago
VanEck Predicts Strategic Bitcoin Reserve Could Offset $42T of U.S. Debt by 2049
8h : 10m ago
Trump Appoints Former GOP Candidate Bo Hines to Lead Crypto Council
December 21, 2024
Weekly Article Recap: 12/16-12/20
December 20, 2024
Injective and Sonic SVM Partners to Launch the First Cross-Chain AI Agent Platform
December 20, 2024
UK Judge Sentences Craig Wright to One Year in Prison for Contempt of Court
December 20, 2024
SEC Approves Bitcoin and Ethereum ETFs from Hashdex and Franklin Templeton
December 18, 2024
Ripple Dollar (RLUSD) Launches with Full Transparency and Regulatory Backing