- The $1.9 million scammers were revealed by Pump.fun to be a former employee.
- The website published a post-mortem on X outlining measures to reimburse users who were harmed by the exploit.
Pump.fun, a meme coin launchpad located in Solana, claimed that the exploit that happened on Thursday was the work of a former employee.
In the event, a former employee obtained admin capabilities on pump.fun, which led to the theft of about 12,300 SOL, which at the time was estimated to be worth $1.9 million.
The platform said in a post-mortem on X that “at 15:21 UTC, a former employee, having illegitimately taken access of the withdraw authority using their privileged position at the company, used flash loans on a Solana lending protocol.”
According to Pump.fun, the loans were utilized to borrow SOL in order to buy out as many memecoins as possible until they reached 100% on their bonding curves. This gave the exploiter the liquidity they needed to pay back the flash loans. Over a given period of time, this had an impact on approximately $1.9 million of the $45 million in liquidity included in the bonding curve contracts.
Pump.fun closed to trade at 17:00 UTC. The platform stated that just about $1.9 million of the $45 million in total liquidity in the bonding curve contracts was impacted.
In order to prevent additional harm, Pump.fun upgraded the contracts on the platform and halted trading. It also stated that the site is back online and that its contracts are secure.
The company stated that its trading fees are set to 0% for the next seven days. “To make users whole, the pump.fun team will seed the LPs for each affected coin with an equal or greater amount of SOL liquidity that the coin had at 15:21 UTC within the next 24 hours,” the statement reads.
Concurrently, an X user going by the handle “Stacc” admitted to using the exploit. Stacc criticized Pump.fun in a series of tweets, calling them “not the type of ppl you want front n center as the face of blockchain” and describing them as “horrible bosses.”
How does Pump.fun work?
Based in Solana Users can generate fresh tokens with Pump.fun for a small cost of a few dollars. On its website, the network highlights the security precautions it takes, stating that it “prevents rugs by making sure that all created tokens are safe” and forbids team allocations and presales of new coins.
By using a bonding curve method that bases the price on the current supply, users can mint new tokens and decide what they cost to buy. Users that have access to trading capability can buy and sell their assets.
An extra feature is that if a token hits a certain market capitalization of roughly $69,000, it will automatically lock a portion of its liquidity pool, or about $12,000, into Raydium and remove it from circulation indefinitely.
Pump.fun’s daily income on Tuesday exceeded $1.2 million, suggesting that the platform is seeing a lot of use.
Disclaimer : This article was created for informational purposes only and should not be taken as investment advice. An asset’s past performance does not predict its future returns. Before making an investment, please conduct your own research, as digital assets like cryptocurrencies are highly risky and volatile financial instruments.
