As a seasoned crypto investor with years of experience under my belt, I can’t help but feel a pang of disappointment and concern upon hearing about the latest incident involving Pump.fun. The reported loss of approximately $300k+ in Solana (SOL) and memecoins due to a flash loan attack is not only disappointing for those who have invested in the platform, but also a stark reminder of the risks inherent in the crypto space.
I recently came across a report from Pump.fun, a Solana-based platform, detailing a substantial loss of approximately $2M. This unfortunate event was the result of a flash loan attack. A flash loan lets a borrower take large sums of money without collateral, provided the loan is repaid within the same transaction. The hacker used one against Pump.fun's bonding curve contracts, leading to significant financial damage for Pump.fun.
1/6 It seems like @pumpdotfun lost ~2k SOL ($300k+) and a bunch of memecoins through a possible private key leakage
So let me share evidence of it👇
— Igor Igamberdiev (@FrankResearcher) May 16, 2024
As a crypto investor, I’ve come to realize that the success of the exploit hinged significantly on the apparent breach of the private key connected to Pump.fun’s service account, specifically 5PXxuZ. Normally, this account facilitates the transfer of liquidity from the bonding curve over to Raydium, a decentralized exchange operating on Solana.
As a researcher studying the workings of the 5PXxuZ service account, I can explain that under normal circumstances, this account draws liquidity from the bonding curve and deposits it into Raydium. During the hack, however, it behaved differently: instead of adding liquidity to Raydium as intended or making a donation to another account, 5PXxuZ withdrew liquidity directly from the bonding curve and returned some SOL to the attackers to pay off their flash loan.
As a member of the research team, I can share that we took action to halt all trading transactions and freeze any coins en route to Raydium. These operations will remain suspended for an indeterminate period.
2024-05-17 04:52