Pump.fun Exploit Leads to $2 Million Theft and Airdrop
On Thursday, the popular tool for launching meme coins on Solana, Pump.fun, fell victim to an exploit that left the protocol compromised. The attacker, using what appeared to be a private key only accessible to Pump.fun employees, diverted funds earmarked for Raydium, a Solana DEX, to unrelated wallet addresses. This exploit resulted in the theft of at least $2 million worth of SOL, according to Igor Igamberdiev, head of research at crypto market maker Wintermute.
Attacker Begins Airdropping Stolen Funds
Following the theft, the attacker began airdropping the stolen funds to random wallet addresses, including holders of certain Solana tokens and NFTs. This move left unsuspecting individuals as recipients of the ill-gotten gains from the Pump.fun exploit.
Former Employee Claims Responsibility
Shortly after the attack, a Twitter account allegedly belonging to a former Pump.fun employee claimed responsibility for the exploit. The account posted extensively, declaring intentions to change history and indicating awareness of being identified. The individual behind the account shared that they were not afraid of imprisonment and began retweeting posts from individuals who received portions of the stolen funds through airdrops.
Pump.fun’s Response and Investigation
Pump.fun quickly responded to the attack by pausing trading on the platform and launching an investigation into the matter. The company announced its cooperation with law enforcement, especially since the self-proclaimed attacker is Canadian. Pump.fun assured users that the TVL in the protocol was safe due to upgraded contracts preventing further fund siphoning.
Attacker’s Motivations and Company Criticism
In a Twitter Spaces discussion, the self-proclaimed attacker cited personal grievances against Pump.fun’s leadership and criticized the company’s management. He stated that his actions were motivated by a desire to destabilize Pump.fun and viewed it as a form of retaliation. The attacker believed that Pump.fun was already on a declining trajectory and that he simply expedited its demise.
While Pump.fun has experienced significant trading volume amidst the rise of meme coins, it has faced backlash for contributing to the speculative nature of the crypto market. The self-proclaimed attacker highlighted his perception of the company’s negative impact and expressed resignation to the possibility of facing legal consequences for his actions.
Image/Photo credit: source url