Pump.fun exploiter arrested: ‘Team alleges I stole $2m in ill-gotten gains’

As a researcher with experience in cryptocurrency and blockchain security, I find this case particularly intriguing. The arrest of Jarett Dunn, the alleged mastermind behind the pump.fun exploit, raises many questions about the complexities of decentralized finance (DeFi) and the potential risks associated with internal threats.


The individual believed to orchestrate the pump.fun exploit in the Solana memecoin protocol has reportedly been taken into custody in London.

Based on information from Blockworks’ reliable sources, Jarett Dunn, previously a contractor and recognized online under the handle @STACCoverflow, was taken into custody by British law enforcement in the early hours of May 18th.

A thorough intelligence operation, instigated by a third-party entity that engaged a private intelligence firm, led to the arrest of Dunn after 26 hours. This operation utilized social media updates and publicly accessible data to locate him in London.

In the extensive investigation, local reinforcements, referred to as “auxiliaries,” played a crucial role in tracking down the suspect. They ultimately discovered him in a room at the Middle Eight Hotel in Covent Garden, and he was apprehended approximately seven hours afterwards.

It’s intriguing that Jarett was taken into custody around the same time as his final social media update on X. In this post, he adopted the username @STACCoverflow, which is a clever fusion of the French phrase “j’arrête” (signifying “I’m done”) and his real name, Jarett.

Following his apprehension, Dunn was granted bail as indicated in his own X post and corroborated by the intelligence agency.

For a brief period, I find myself devoid of my 2FA codes. Last night, I was held in detention due to accusations from the pump team that I had stolen approximately 2 million dollars of their ill-gotten gains and conspired to take an additional 80 million dollars.

— free stacc (@jarettdunn) May 18, 2024

He is expected to remain in the UK until his court appearance, reportedly scheduled for August.

As an analyst, I’d rephrase it as follows: On May 16, I discovered that the pump.fun platform, which streamlines token launches on the Solana (SOL) network, experienced an exploit. The aftermath of this incident resulted in a substantial loss of over 12,300 SOL, equivalent to around $2 million at the time.

A user took advantage of flash loans offered by Raydium, a Solana-based lending platform, to execute an exploit. Flash loans represent a defi innovation enabling individuals to obtain substantial loaned funds in a decentralized manner.

Here, the adversary interfered with the pump.fun price determination mechanisms, which are responsible for establishing token prices based on available supply.

The hacker successfully hit the 100% mark on these graphs, enabling access to Raydium’s intended liquidity. Afterward, they efficiently repaid their flash loan and pocketed a significant profit from the transaction.

Following the incident, pump.fun started working with law enforcement to investigate the breach.

As an analyst, I’ve conducted an in-depth examination of our recent Solana token migration incident. Here’s a clear and concise summary:

— pump.fun (@pumpdotfun) May 16, 2024

Igor Igamberdiev, the research head at Wintermute, one of the earliest cryptocurrency market makers, proposed that a stolen internal private key could have been the cause of the hack. Later on, under the pseudonym @STACCoverflow, Dunn confessed to his involvement in the breach. He made a string of uncharacteristic tweets, revealing his intention to “alter the trajectory of events” and disclosing details about his personal struggles with mental health and the loss of his mother.

And now; Magick: everybody be cool, this is a r o b b e r y. What it do, staccattack? I’m about to change the course of history. n then rot in jail. am I sane? nah. am I well? v much not. do I want for anything? my mom raised from the dead n barring that: /x

— 🔥🪂staccoverflow ; j’arrête ; (@STACCoverflow) May 16, 2024

He also asserted that the stolen funds would be distributed to holders of various Solana tokens.

Based on Dunn’s messages, it appeared that a minimum of seven people were eligible for these payments. However, he failed to disclose any details regarding how the payments would be distributed or by what date they should be claimed.

His messages also suggested a motive driven more by emotional distress than financial gain.

Read More

Sorry. No data so far.

2024-05-19 19:16