Solana DeFi Platform Pump.fun Suffers $2M Exploit

As a seasoned crypto investor with years of experience under my belt, I can’t help but feel a pang of disappointment and concern upon hearing about the latest incident involving Pump.fun. The reported loss of approximately $300k+ in Solana (SOL) and memecoins due to a flash loan attack is not only disappointing for those who have invested in the platform, but also a stark reminder of the risks inherent in the crypto space.
I recently came across a report from Pump.fun, a Solana-based platform, detailing a substantial loss of approximately $2M. This unfortunate event was the result of a flash loan attack. Maliciously taking advantage of their bonding curve contracts, the hacker managed to borrow large sums of money without collateral in a single transaction. The attacker then exploited this vulnerability, leading to significant financial damage for Pump.fun.

"1/6 It seems like @pumpdotfun lost ~2k SOL ($300k+) and a bunch of memecoins through a possible private key leakage. So let me share evidence of it 👇" — Igor Igamberdiev (@FrankResearcher), May 16, 2024

The success of the exploit hinged on the apparent compromise of the private key for Pump.fun's service account, 5PXxuZ. Normally, this account transfers liquidity from the bonding curve to Raydium, a decentralized exchange operating on Solana.

Under normal circumstances, the 5PXxuZ account draws liquidity from the bonding curve and deposits it into Raydium. During the hack, however, instead of adding liquidity to Raydium as intended or donating it to another account, 5PXxuZ withdrew liquidity directly from the bonding curve and returned some SOL to the attackers to repay their flash loan.
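The incident pattern above, a privileged service key signing transactions outside its single expected role, is exactly what a transaction-policy monitor on the operator's side can flag. The following is an added illustration, not Pump.fun's code or any real on-chain data: every address and program id is a constructed placeholder (the page names the service account only by its "5PXxuZ" prefix), and the two sample transactions are made up to contrast a routine bonding-curve-to-Raydium migration with a transaction that pulls liquidity out and routes SOL elsewhere while repaying a flash loan.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed placeholders: the page identifies the service account only by
# its prefix "5PXxuZ"; none of these strings are real Solana addresses.
SERVICE_ACCOUNT = "5PXxuZ_placeholder"
BONDING_CURVE_PROGRAM = "BondingCurvePlaceholder"
RAYDIUM_PROGRAM = "RaydiumPlaceholder"
SYSTEM_PROGRAM = "SystemProgramPlaceholder"
FLASH_LENDER = "FlashLenderPlaceholder"
ATTACKER = "AttackerWalletPlaceholder"


@dataclass(frozen=True)
class Instruction:
    program: str                        # program the instruction invokes
    name: str                           # decoded instruction name
    destination: Optional[str] = None   # account that receives funds, if any
    lamports: int = 0


@dataclass(frozen=True)
class Transaction:
    signature: str
    signers: Tuple[str, ...]
    instructions: Tuple[Instruction, ...]


# The only job of the migration key: withdraw liquidity from the bonding
# curve, then add it to Raydium, in that order and nothing else.
ALLOWED_SEQUENCE: Tuple[Tuple[str, str], ...] = (
    (BONDING_CURVE_PROGRAM, "withdraw"),
    (RAYDIUM_PROGRAM, "add_liquidity"),
)
# Funds signed out by this key may only land in its own account (the
# intermediate hop) or in Raydium.
ALLOWED_DESTINATIONS = {SERVICE_ACCOUNT, RAYDIUM_PROGRAM}


def check_transaction(tx: Transaction) -> List[str]:
    """Return policy violations for one transaction; an empty list means clean."""
    findings: List[str] = []
    if SERVICE_ACCOUNT not in tx.signers:
        return findings                  # not signed by the monitored key
    observed = tuple((ix.program, ix.name) for ix in tx.instructions)
    if observed != ALLOWED_SEQUENCE:
        findings.append(f"{tx.signature}: instruction sequence {observed} "
                        f"does not match the migration pattern")
    for ix in tx.instructions:
        if ix.destination is not None and ix.destination not in ALLOWED_DESTINATIONS:
            findings.append(f"{tx.signature}: {ix.lamports} lamports sent to "
                            f"unexpected destination {ix.destination}")
    return findings


def scan(txs: List[Transaction]) -> Dict[str, List[str]]:
    """Map each transaction signature that has violations to its findings."""
    report: Dict[str, List[str]] = {}
    for tx in txs:
        findings = check_transaction(tx)
        if findings:
            report[tx.signature] = findings
    return report


# Constructed sample traffic: one routine migration and one transaction that
# mirrors the pattern described above (liquidity pulled out, SOL routed to an
# outside wallet, flash loan repaid within the same transaction).
NORMAL_TX = Transaction(
    signature="sig_normal_migration",
    signers=(SERVICE_ACCOUNT,),
    instructions=(
        Instruction(BONDING_CURVE_PROGRAM, "withdraw", SERVICE_ACCOUNT, 85_000_000_000),
        Instruction(RAYDIUM_PROGRAM, "add_liquidity", RAYDIUM_PROGRAM, 85_000_000_000),
    ),
)
ANOMALOUS_TX = Transaction(
    signature="sig_suspected_drain",
    signers=(SERVICE_ACCOUNT, ATTACKER),
    instructions=(
        Instruction(BONDING_CURVE_PROGRAM, "withdraw", SERVICE_ACCOUNT, 85_000_000_000),
        Instruction(SYSTEM_PROGRAM, "transfer", ATTACKER, 60_000_000_000),
        Instruction(FLASH_LENDER, "repay", FLASH_LENDER, 25_000_000_000),
    ),
)

if __name__ == "__main__":
    for sig, lines in scan([NORMAL_TX, ANOMALOUS_TX]).items():
        print(sig)
        for line in lines:
            print("  -", line)
```

The check is deliberately narrow: a key that exists for one purpose should produce one instruction shape, so anything else signed by it (a different sequence, or value leaving to an address outside the expected pair) is worth an alert and, ideally, an automatic pause of the migration job. A monitor like this does not prevent a leaked key from being used, but it shortens the window between the first out-of-policy transaction and the kind of trading halt described in this article.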

In response, Pump.fun halted all trading transactions and froze any coins en route to Raydium. These operations will remain suspended for an indeterminate period.

2024-05-17 04:52