Original title: (pump.science Wallet Private Key Leak: An Ongoing Turmoil)

Original author: Karen, Foresight News

On the evening of November 25, an address marked as the creator of RIF and URO on pump.fun issued Urolithin B (URO) tokens, which led many community members to mistakenly believe this was a token officially issued by pump.science. Urolithin B (URO) quickly 'graduated', and within two minutes of joining the liquidity pool, its market cap once soared to 10 million dollars, but then began to decline continuously, and the current market cap has fallen back to around 100,000 dollars.

This incident seems to have affected the market performance of Urolithin A (URO) and Rifampicin (RIF), both of which fell more than 30% within 24 hours. So, what exactly is going on?

pump.science wallet key pair leaked

The incident was triggered by the leakage of the wallet key pair from pump.science.

According to official information from pump.science, due to a negligence in its GitHub repository, the wallet address T5j2UBTvLYPCwDP5MVkSALN7fwuLFDL9jUXJNjjb8sc was attacked, and the attacker found the key pair in the website's source code. This key pair was used for testing purposes in pump.science's GitHub from the beginning, and the development team did not realize its importance.

From the fraudulent URO token page that appeared on pump.fun last night, we can see that the wallet address deploying this fake token is T5j2UBTvLYPCwDP5MVkSALN7fwuLFDL9jUXJNjjb8sc. The pump.fun platform shows that this address had previously deployed the official tokens Urolithin A (URO) and Rifampicin (RIF), with current market caps of approximately 87 million dollars and 37 million dollars, respectively.

This fraudulent URO token was issued on-chain by an address starting with the leaked key pair T5j2UBT. This is precisely why pump.fun shows that the official URO and RIF token deployers released the new token.

pump.science stated that this wallet was marked as the off-chain token creator of URO and RIF on pump.fun, and the attacker may use this wallet to issue more tokens; any other tokens issued by this wallet, apart from URO and RIF, should be considered fraudulent.

It is worth noting that pump.science has not taken any remedial or compensatory measures for users who were misled and purchased the fraudulent URO tokens, which has sparked widespread attention and discussion in the community.

The off-chain creation feature of pump.fun leads to confusion in blockchain explorers and data tools.

Another cause of confusion in the community is the display of token creators in pump.fun and blockchain explorers and data tools.

The official URO and RIF tokens from pump.science are created off-chain through pump.fun, while the fraudulent URO is created on-chain through pump.fun. However, the blockchain explorer solscan shows that the deployer address for Urolithin A (URO) and Rifampicin (RIF) is: BLDRZQiqt4ESPz12L9mt4XTBjeEfjoBopGPDMA36KtuZ.

Next, let’s first understand the off-chain token issuance feature of pump.fun. On the pump.fun platform, off-chain token issuance is free, and tokens are not recorded on-chain immediately after issuance; they are recorded on-chain only when there is a first buyer. The first buyer needs to pay the cost of token issuance. Therefore, for tokens created off-chain, the first buyer is often mistakenly identified as the token's deployer by blockchain explorers like solscan or data tools like GMGN.

For example, after the official URO and RIF tokens were created off-chain, the wallet address of the first buyer BLDRZQiqt4ESPz12L9mt4XTBjeEfjoBopGPDMA36KtuZ was mistakenly marked by solscan or GMGN as the token's deployer.

Here, the author reminds investors to distinguish between tokens created on-chain and off-chain on pump.fun when investing in meme tokens and to verify them to avoid falling into fraudulent traps. Additionally, they should remain vigilant about any potential tokens issued by wallets starting with T 5 j 2 UBTvLY that were leaked from pump.science. We also hope that the platform and token deployers can enhance security measures to prevent such fraudulent activities from happening again.

Original link