DeSci project Pump Science exploited following private key leak

As a seasoned crypto investor with over a decade of experience in this ever-evolving digital frontier, I must admit that the recent incident involving Pump Science has left me somewhat disheartened and wary. The carelessness exhibited by BuilderZ in leaving private keys exposed in their GitHub codebase is a stark reminder of the importance of security in this industry.


Decentralized science (DeSci) project Pump Science has warned users about counterfeit tokens being distributed through its Pump.fun account, following the unauthorized disclosure of its private key on GitHub.

According to the announcement made on November 27, the attacker obtained the private keys associated with the project’s Pump.fun account after they were exposed on GitHub, and used the compromised profile to launch counterfeit tokens such as Urolithin B through E (URO) and Cocaine (COKE).

Pump Science’s platform is centered on tokens tied to research in longevity medicine, and presents itself as a fun, interactive longevity research program. Its goal is to give token holders ownership rights to chemical compounds, along with the opportunity to sell “intervention” rights to suppliers. In essence, it merges research and commerce by allowing research findings to be commercialized.

So far the project has launched only two tokens: Rifampicin (also known as Rifampin) and Urolithin A. Rifampicin is an antibiotic used mainly to treat tuberculosis, while Urolithin A is being studied for potential benefits to mitochondrial function and muscle health. Both tokens lost more than 25% of their value after the security breach.

Pump Science advised users not to buy or interact with any new tokens originating from the “pscience PumpFun” account, since the attacker is believed to still control the compromised wallet.

The post-incident investigation found that the account’s private keys were exposed by accident when they were included in the project’s public GitHub source code.

Pump Science attributed the leak to a mistake by BuilderZ, a Solana development firm working on the project, which left the private key of its developer wallet (“T5j2U…jb8sc”) in code it published publicly on GitHub. BuilderZ initially believed the key belonged to a test wallet and therefore considered it non-critical.

“[BuilderZ] carelessly placed the private key for T5j within the project’s codebase, assuming it wasn’t the development wallet. However, due to the feature that allows free token creation on http://pump.fun, this key seemed to be associated with the project’s front end.” (Project Statement)
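The failure described above, a keypair committed to a public repository on the assumption that it was a throwaway test wallet, is one a repository check can catch before the code is pushed. The following is an added example and not code from Pump Science or BuilderZ: it scans source text for solana-keygen style keypair literals (JSON arrays of 64 bytes, seed followed by public key) and recovers the wallet address from the public-key half, so whoever finds one can check which wallet it actually controls instead of assuming it is a test key. The sample source and the key bytes in it are constructed.

```python
import json
import re

# Base58 alphabet used for Solana addresses (same as Bitcoin's: no 0, O, I, l).
B58_ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"


def b58encode(raw: bytes) -> str:
    """Encode bytes as base58; each leading zero byte becomes a leading '1'."""
    n = int.from_bytes(raw, "big")
    out = ""
    while n > 0:
        n, rem = divmod(n, 58)
        out = B58_ALPHABET[rem] + out
    pad = len(raw) - len(raw.lstrip(b"\x00"))
    return "1" * pad + out


# A solana-keygen keypair file is a JSON array of exactly 64 integers (0..255):
# the 32-byte ed25519 seed followed by the 32-byte public key.
KEYPAIR_RE = re.compile(r"\[\s*(?:\d{1,3}\s*,\s*){63}\d{1,3}\s*\]")


def find_solana_keypairs(text: str) -> list:
    """Return every Solana keypair literal in text with the address it controls.

    The public key is the second half of the array, so the wallet can be named
    without any crypto library and compared against known dev/treasury wallets.
    """
    findings = []
    for m in KEYPAIR_RE.finditer(text):
        values = json.loads(m.group(0))
        if any(not 0 <= v <= 255 for v in values):
            continue  # 64 numbers, but not a byte array: skip
        raw = bytes(values)
        findings.append({
            "offset": m.start(),
            "address": b58encode(raw[32:]),  # public-key half -> wallet address
            "secret_bytes": len(raw),
        })
    return findings


# Constructed sample: a source snippet that accidentally embeds a keypair file
# (seed bytes 1..32, and an all-zero public key purely so the result is obvious).
SAMPLE_SOURCE = (
    "const RPC = 'https://api.mainnet-beta.solana.com';\n"
    "// TODO: remove before release\n"
    "const DEV_WALLET = " + json.dumps(list(range(1, 33)) + [0] * 32) + ";\n"
    "const FEES = [5, 10, 25];\n"
)

if __name__ == "__main__":
    for hit in find_solana_keypairs(SAMPLE_SOURCE):
        print(f"keypair at offset {hit['offset']} controls wallet {hit['address']}")
```

Run against a whole checkout (or as a pre-commit hook) and treat any hit as a leaked key until the address has been matched against a list of known test wallets.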

Since the incident, Pump Science has renamed its Pump.fun profile to “dont_trust” and partnered with blockchain security firm Blockaid to identify and flag counterfeit mints originating from the compromised address, preventing further misuse of the wallet.

To address the security concerns, the platform has committed to a thorough review of its user interface (UI) and plans to run bug bounty programs for vulnerability assessment. Any future token launches will follow comprehensive app and smart contract audits, and the platform said it will no longer launch tokens on Pump.fun.

The project has faced significant backlash over its handling of the breach. Some community members have accused it of dishonesty and called it a scam, while others have questioned its operational competence. The concerns raised are noteworthy and warrant further scrutiny.

“left the private key in the codebase” FML. Project deserves to go to zero.

— scudza (🌿,👻) (@Jarred_Za) November 26, 2024

Private key leaks are one of the leading causes of security breaches in the decentralized ecosystem. According to blockchain analytics firm CertiK, in Q3 2024 they were the second most costly type of attack, with $324.4 million stolen across ten separate incidents.

2024-11-28 10:47