Solana-Based DeFi Memecoin Platform Pump.fun Breached in Exploitative Attack
On May 16, an exploiter used flash loans to manipulate the bonding curve contracts of Pump.fun, a Solana-based DeFi memecoin platform. Pump.fun paused all trading in response to the breach.
Platform Response
In a statement released on social media, Pump.fun acknowledged the exploit and reassured its users that the platform is actively investigating the issue. The team emphasized their efforts to upgrade the contracts, thereby preventing further siphoning of funds by the attacker. They further assured users that the Total Value Locked (TVL) in the protocol remains secure. Trading activities have been temporarily halted, prohibiting users from buying or selling any coins. Additionally, coins in the process of migrating to Raydium are temporarily unable to be traded.
Industry experts, such as Wintermute’s Head of Research Igor Igamberdiev, have speculated that a compromised key may have facilitated the breach, potentially indicating an inside job. Estimated losses resulting from the exploit are reported to be around 12,000 SOL, which is equivalent to approximately $2 million.
Claim of Responsibility
Following the incident, an account on X, identified as STACCoveflow, claimed responsibility for the attack. In cryptic posts, STACCoveflow hinted at a larger motive, stating a desire to “change the course of history.” The account suggested that the stolen funds would not be retained but instead redistributed to certain token users through the remaining balances of bonding curves.
The exact methods STACCoveflow used to execute the attack remain unclear, and the intended distribution of balances to other users is unverified. Allegations surfaced that STACCoveflow had airdropped the stolen SOL to holders of four different coins; these claims also remain unverified at this time.