en
Back to the list

Crypto Post-Mortem: Here’s How Pump.Fun Was Exploited For $2 Million

source-logo  newsbtc.com 18 May 2024 00:37, UTC

Solana-based platform Pump.fun suffered an exploit that left the crypto community with many questions. The attack stole millions of dollars in users’ funds, but the reasons behind it and the exact amount of the loot were unclear. Amid the uncertainty, some claimed that a crypto Robinhood had emerged.


An X user claimed the individual chose to “be a Robin Hood, dropping hacked cash to $SOL communities.” The attacker also stated in a post his desire to “change the course of history.” However, his “heroic outlaw” endeavors affected 1,882 addresses.

What Happened?

Despite the speculation and the attacker’s posts, it was later revealed that he was a Pump.fun ex-employee. In its post-mortem post, the platform’s team revealed that the individual had used their position to misappropriate funds from the bonding curve contracts.

The attacker illegitimately accessed the accounts after obtaining the private keys, “using their privileged position at the company.” The former employee used flash loans from Solana lending protocol to steal 12,300 SOL, worth around $1.9 million.

Per the post, he borrowed SOL to buy as many tokens as possible in Pump.fun. When the tokens hit 100% on their respective bonding curves, the attacker used the keys to access the bonding curve liquidity and repay the flash loans.

Fortunately, the attacker could only access $1.9 million out of the $45 million liquidity in contracts. Since then, the team has redeployed the bonding curve contracts and offered a plan to help affected crypto investors

newsbtc.com