Pump.fun hit by exploit, nearly 2,000 SOL stolen


Wintermute research head suggests inside job in Pump.fun's SOL exploit.


Solana’s meme coin marketplace Pump.fun was exploited this Thursday after its bonding curve contracts were compromised. In an X post, the team behind the platform claimed to have upgraded the contracts so the attacker cannot withdraw more funds, and to have paused trading for all tokens.

An X user identified as “staccoverflow” claimed to be the author of the exploit, stating that he drained nearly $80 million from Pump.fun. However, Wintermute’s head of research Igor Igamberdiev shared that the exploit drained almost 2,000 SOL, which is roughly equivalent to $300,000.

1/6

It seems like @pumpdotfun lost ~2k SOL ($300k+) and a bunch of memecoins through a possible private key leakage

So let me share evidence of it👇https://t.co/yuuKYkamfZ

— Igor Igamberdiev (@FrankResearcher) May 16, 2024

Igamberdiev explains that the attack started with flash loans, a feature that lets investors borrow crypto, use the borrowed funds to interact with a platform, and repay the lender, all within the same block.

Staccoverflow used this feature to exploit Pump.fun’s bonding curve model, in which tokens traded on the platform have liquidity pools created on the decentralized exchange Raydium once they reach a market cap threshold.

Therefore, he took SOL from Solana’s money market MarginFi, used the funds to buy the tokens on Pump.fun until they reached the threshold to go live on Raydium, and then dumped the assets in the same block.

However, a Pump.fun-tied wallet is responsible for moving liquidity from the meme coin marketplace to Raydium. This wallet is supposedly compromised, as it was used to send the liquidity to the exploiter, who used the funds to repay his loan and sent the remaining amount to a random Solana address. Moreover, Wintermute’s head of research doesn’t rule out the possibility of an inside job.
