Pump.fun, a Solana memecoin creator tool, has stated that a former employee exploited the platform for almost $2 million through a sophisticated “bonding curve” attack. The May 16 incident was described in a few posts on X (formerly Twitter).
The exploit used flash loans on Solana lending protocol Raydium to obtain SOL, which was then used to “buy as many coins” as possible. After the coins reached 100% on their respective bonding curves, the attacker borrowed money from a flash loan to repay it. Around 12,300 SOL, equal to $1.9 million, was stolen in the attack, which took place between 3:5:00 pm UTC and 21 PM on May 16.
Internal Breach and Immediate Response
Pump.fun said the former employee used their “privileged position” to gain access to the “withdraw authority” and disrupt the internal systems. This person is said to have abused the firm’s ways and means to take away their money.
Igor Igamberdiev, the head of research at cryptocurrency market maker Wintermute, said that the hack was due to an internal private key leak, and he identified the X user “STACCoverflow.” In cryptic X posts, STACCoverflow insinuated their participation and said they were “about to change the course of history” and did not mind being “fully doxxed.”
Assurances of Security and Compensation
Despite the breach, Pump.fun tells users that its smart contracts are safe. In its official statement, the platform said that users affected by the incident will get back “100% of their liquidity” within 24 hours. Trading was temporarily halted after the exploit but has now resumed.
In a previous X post, Pump.fun said that it will be working closely with the police to solve this issue. Nevertheless, the platform did not disclose the identity of the former employee and has not yet responded to requests for more information.
Industry Repercussions and User Reactions
The exploit has caused panic among the cryptocurrency community, mainly over the security of internal protocols and the possibility that it may be an insider job. Pump.fun’s quick assurance of full liquidity recovery has been received with mixed reactions from users, who are now closely following any further developments.
The inquiry is still in progress, and Pump.fun’s dedication to openness and user compensation remains central to rebuilding trust within its community.