As a seasoned crypto investor with years of experience under my belt, I can’t help but feel a pang of disappointment and concern upon hearing about the latest incident involving Pump.fun. The reported loss of approximately $300k+ in Solana (SOL) and memecoins due to a flash loan attack is not only disappointing for those who have invested in the platform, but also a stark reminder of the risks inherent in the crypto space.
I recently came across a report from Pump.fun, a Solana-based platform, detailing a substantial loss of approximately $2M. This unfortunate event was the result of a flash loan attack. Maliciously taking advantage of their bonding curve contracts, the hacker managed to borrow large sums of money without collateral in a single transaction. The attacker then exploited this vulnerability, leading to significant financial damage for Pump.fun.
1/6It seems like @pumpdotfun lost ~2k SOL ($300k+) and a bunch of memecoins through a possible private key leakageSo let me share evidence of it👇— Igor Igamberdiev (@FrankResearcher) May 16, 2024
As a crypto investor, I’ve come to realize that the success of the exploit hinged significantly on the apparent breach of the private key connected to Pump.fun’s service account, specifically 5PXxuZ. Normally, this account facilitates the transfer of liquidity from the bonding curve over to Raydium, a decentralized exchange operating on Solana.
As a researcher studying the workings of the 5PXxuZ service, I can explain that under normal circumstances, this account draws liquidity from the bonding curve and deposits it into Raydium. However, during the hack, an unexpected incident occurred: instead of adding liquidity to Raydium as intended or making a donation to another account, 5PXxuZ withdrew liquidity directly from the bonding curve and returned some SOL to the attackers to pay off their flash loan.
As a member of the research team, I can share that we took action to halt all trading transactions and freeze any coins en route to Raydium. These operations will remain suspended for an indeterminate period.
Read More
- Cookie Run Kingdom Town Square Vault password
- Maiden Academy tier list
- Cookie Run Kingdom: Shadow Milk Cookie Toppings and Beascuits guide
- Wizardry Variants Daphne tier list and a reroll guide
- Tap Force tier list of all characters that you can pick
- Chhaava OTT release: Where is Vicky Kaushal and Rashmika Mandanna’s film expected to stream after theatrical run? Find out
- Grimguard Tactics tier list – Ranking the main classes
- Shakira Hospitalized, Cancels Peru Show Due to “Abdominal Issue”
- How To Get Raw Meat In Monster Hunter Wilds
- GoChess review – “Playing IRL and Online”
2024-05-17 04:52