🔥🔥🔥 Crypto Post-Mortem: Here’s How Pump.Fun Was Exploited For $2 Million
The Solana-based platform Pump.fun recently fell victim to an exploit, leaving the #CryptoCommunity in a state of uncertainty regarding the extent of the damage. While exact figures and motives remained unclear, reports emerged suggesting millions of dollars in users' funds had been siphoned off, prompting comparisons to a crypto Robinhood.
Initial reports indicated that Pump.fun's bounding curve contracts had been compromised, prompting the platform to halt all trading temporarily while investigations ensued.
Pump.fun, created to protect crypto tokens from rug pulls, has become popular for influencers and users wanting to launch tokens without the traditional complexity and costs. The platform uses bonding curve contracts, which rely on a mathematical model to set token prices based on supply. Part of the liquidity is deposited on #Raydium for burning once the token's market capitalization reaches a specific threshold.
Amidst conflicting community reports, some claimed the attacker had made off with a staggering $80 million from the platform's bonding curve contracts, sparking concern among affected users. Lookonchain's report suggested the attacker was swiftly identified, initially posing as an unaware user before accusing the platform's founders of withdrawing the stolen amount beforehand.
A former Pump.fun employee exploited privileged access to private keys to steal 12,300 SOL ($1.9 million). Using flash loans from a Solana lending protocol, the attacker bought tokens on Pump.fun, accessed bonding curve liquidity, and repaid the loans once the tokens peaked in value.
Fortunately, the attacker only accessed $1.9 million of the $45 million in contracts. In response, Pump.fun redeployed bonding curve contracts and pledged to seed liquidity pools with equal or greater SOL liquidity within 24 hours for affected users. They also announced a 0% trading fee for the next 7 days, significant given their daily fee revenue of $1 million.
Source - www.newsbtc.com
