Solana’s memecoin creation tool, Pump Fun, experienced a significant security breach, resulting in a $2 million theft. A former employee exploited their privileged access to execute a bonding curve attack, seizing control of the platform’s internal systems. This incident was disclosed by Pump Fun in a post dated May 16, where they detailed the unlawful access and the subsequent theft.
What Triggered the Security Breach?
The breach impacted Pump Fun’s bonding curve contracts, which held a total of $45 million. Around $1.9 million was stolen, prompting the platform to temporarily suspend trading activities. Despite this disruption, Pump Fun assured users that smart contracts remained secure and guaranteed that affected users would regain their liquidity within 24 hours.
Prior to Pump Fun’s disclosure, Igor Igamberdiev, head of research at Wintermute, speculated that an internal private key leak might have facilitated the attack. An X user named STACCoverflow hinted at a significant event in cryptic posts, adding to the controversy surrounding the incident. Pump Fun has stated that it is cooperating with law enforcement, although the former employee’s identity remains undisclosed.
How Did the Attack Unfold?
The Pump Fun team revealed that the attacker used flash loans via the Solana lending protocol Raydium. The borrowed SOL was used to acquire assets, leading to the temporary shutdown of the platform. When the bonding curves for those assets hit 100%, the attacker tapped into the bonding curve liquidity to repay the flash loans, resulting in the theft of approximately 12,300 SOL, equivalent to $1.9 million.
Key Takeaways for Users
– Ensure the platform’s security protocols are robust and regularly audited.
– Be vigilant for any unusual activity within your accounts.
– Platforms should maintain transparency and timely communication in case of breaches.
– Users must verify if their funds and liquidity are insured or protected.
As Pump Fun continues to navigate the repercussions of this attack, they promise that affected users will recover 100% or more of their pre-attack liquidity, striving to regain user trust and platform stability.