Insider Attack Leads to $2 Million Drain from Solana’s Pump.fun Meme Coin Platform
On May 16th, at 15:21 UTC, pump.fun, a popular meme coin creation platform on the Solana (SOL) blockchain, fell victim to an insider attack. This incident resulted in a significant loss of approximately 12,300 SOL, equivalent to nearly $2 million at current market prices.
The attacker cleverly exploited the platform by utilizing flash loans from Margin.fi. By obtaining SOL through these loans, the attacker proceeded to purchase pump.fun tokens without using their own funds. This audacious exploitation has left the crypto community stunned and concerned.
The attacker, initially identified by the wallet address 7ihN8QaTfNoDTRTQGULCzbUT3PHwPDTu5Brcu4iT2paP, proceeded to purchase all the tokens of new projects launched on the pump.fun platform in a matter of minutes. This swift action pushed the bonding curve, a smart contract within the decentralized finance (DeFi) sector, to its limits.
As a result, the manipulated tokens were prevented from listing on the Raydium DEX, a decentralized exchange on the Solana blockchain. This deliberate move aimed to disrupt the normal trading flow and create chaos within the ecosystem.
In response to the attack, pump.fun promptly upgraded its contracts to prevent further exploitation. The team took immediate action by pausing trading and reassuring users that the protocol’s total value locked (TVL) remained secure.
The pump.fun team stated, “We are committed to ensuring the safety of our users and are cooperating with relevant parties, including law enforcement, to minimize the damage.”
Interestingly, the attacker turned out to be a former employee of pump.fun, known by the pseudonym STACCOverflow. Prior to the attack, the individual expressed their dissatisfaction with the company on social media, declaring their intention to disrupt the platform.
In a social media post following the attack, they criticized the leadership at pump.fun, writing, “The kind of horrible bosses that witness you wreck your hand, ask you what happened, you said the glass table got you, and they go ‘is that table ok?’ is not the type of people you want front and center as the face of blockchain.” This statement portrayed their determination to bring about change, even if it meant facing potential legal consequences.
Additionally, the attacker announced their plan to distribute the stolen funds through an airdrop among various communities, such as Slerf, Stacc, Saga, and Risklol. This action has led some in the crypto community to compare them to “Web3 Robinhood.”
Around five hours after the initial attack, pump.fun released a post-mortem. The team redeployed contracts and resumed trading with 0% fees for the next seven days. They also pledged to seed liquidity pools (LPs) for the affected coins to restore trading functionality.
To rectify the situation, pump.fun assured users that they would seed the LPs for each affected coin with an equal or greater amount of SOL liquidity within the next 24 hours. The team expressed optimism, stating, “Solana sh*tcoins are back, and greater than ever.”
However, following this incident, the crypto community needs to remain cautious. Scammers may attempt to take advantage of the situation by posing as the pump.fun team and sharing malicious links to claim reimbursement.
Overall, this insider attack on pump.fun has underscored the need for stringent security measures within the crypto ecosystem. It serves as a reminder that even trusted insiders can pose significant risks, emphasizing the importance of thorough monitoring and accountability in the industry.