by BSCN
May 17, 2024
The attacker used flash loans from Raydium to manipulate Pump[dot]Fun's bonding curves and withdraw liquidity.
Pump[dot]Fun, a Solana-based platform designed to streamline token launches, suffered a significant exploit on May 16, resulting in the loss of at least 12,300 SOL, worth approximately $2 million.
We are aware that the https://t.co/uE2QNKXkIT bonding curve contracts have been compromised and are investigating the matter.
— pump.fun (@pumpdotfun) May 16, 2024
We have upgraded the contracts so the attacker cannot siphon any more funds. The TVL in the protocol right now is safe.
We’ve paused trading — you…
The exploit began with the alleged attacker using flash loans from Raydium, a prominent Solana lending protocol.
Flash loans are a powerful DeFi tool, enabling users to execute transactions that would otherwise be impossible due to the need for large amounts of capital. However, they also pose significant risks, as demonstrated by this exploit.
Bonding curves, another key component of Pump[dot]Fun, determine the price of a token based on its supply. When a token fills its bonding curve, the liquidity is supposed to be burned to Raydium, allowing the token to start trading on the open market.
In this exploit, the hacker used MarginFi’s flash loan services to manipulate the bonding curves. By reaching 100% on these curves, they could access and withdraw the liquidity meant for Raydium, then repay the flash loan, securing substantial profits.
In response to the attack, the Pump[dot]Fun team upgraded their contracts to prevent further damage. They assured users that all connected wallets and tokens burned to Raydium are secure.
The team’s investigation suggested that a compromised private key facilitated the exploit, as Pump[dot]Fun’s service account cosigned all exploiter transactions.
Pump[dot]Fun has collaborated with law enforcement to investigate the breach.
However, Igor Igamberdiev, head of research at cryptocurrency market maker Wintermute, suggested that an internal private key leak caused the hack. He implicated X user “STACCoverflow,” who later identified himself as Jarett Reginald S Dunn.
Dunn claimed credit for the exploit in a series of unusual tweets, asserting that the stolen funds would be distributed to holders of various Solana tokens.
And now; Magick: everybody be cool, this is a r o b b e r y. What it do, staccattack? I'm about to change the course of history. n then rot in jail. am I sane? nah. am I well? v much not. do I want for anything? my mom raised from the dead n barring that: /x
— 🔥🪂staccoverflow ; j'arrête ; (@STACCoverflow) May 16, 2024
Various users on X have reported receiving token distributions from the hacker, though the criteria for these distributions remain unclear.
Pump[dot]Fun enables non-technical users to launch memecoins quickly and cost-effectively. The platform has facilitated the launch of hundreds of tokens on Blast and Solana, generating over $10 million in revenue last month alone, according to DeFiLlama.