Meme coin marketplace Pump.fun was attacked by a former team member yesterday, resulting in halted trading, users unable to liquidate their tokens, and the platform losing $1.9 million, according to a May 16 post-mortem. Despite this episode, the meme coin sector on Solana stood firmly in the last 24 hours, with tokens making two-digit leaps.
The best performance in the period was registered by DogeBoy (DOGB), with a nearly 210% upside, while Pepe Trump (PTRUMP) also saw significant positive movement of 67.5%. Maga VP (MVP), another Trump-themed token, is also among the biggest winners in the period, presenting almost a 31% price advance.
On the cat-coins front, MANEKI has shown 34% growth in the past 24 hours at the time of writing, a movement that made its market cap surpass $91 million. UpSideDownCat (USDC) surged almost 54% in the same period, and the cat Chipi (CHIPI) showed a 72% upside.
The Costco Hot Dog (COST), a meme coin that backpacked the meme of hot dogs sold at Costco markets never rising in value, has risen 38% at the time of writing. The meme coin FindMe shown in the image above was, in fact, a honey pot attack.
Honey pots are smart contracts programmed to forbid tokens from being sold, while the contract deployer drains all the liquidity. Currently, the only FindMe pool available has $231 in liquidity, which highlights the risks of trading meme coins.
Moreover, despite showing a 33% growth in the last 24 hours, the token Lola Cat (LOLA) is still relatively new to the meme coin market. Hence, the asset still doesn’t have a seven-day track record.
Solordi (SOLO) represents the dog-themed coins on the meme coins with the most substantial growth in the last 24 hours after leaping 37.7%.
Pump.fun explains the ‘exploit’
As reported by Crypto Briefing, a user used flash loans to manipulate token prices on Pump.fun, borrowing SOL from the money market Drift. However, the exploiter was able to move liquidity from Pump.fun’s pools, which would be possible only by using an authorized wallet.
Wintermute’s head of research Igor Igamberdiev identified that the wallet commonly used to move liquidity from Pump.fun to decentralized exchange Raydium was being controlled by the exploiter, suggesting a private key compromise or an inside job.
In their post-mortem, the meme coin marketplace revealed that a former employee was responsible for the attack, and misappropriated nearly 12,300 SOL. Pump.fun tackled the issue by deploying their smart contracts again, launching pools with the whole they met in the bonding curve during the incident, and removing the platform fees for the next seven days.