Original title: (pump.science wallet private key leak: an unfinished storm)
Original author: Karen, Foresight News
On the evening of November 25, an address marked as the creator of RIF and URO on pump.fun issued Urolithin B (URO) tokens, leading many community members to mistakenly believe this was an official token issued by pump.science. Urolithin B (URO) quickly 'graduated' and its market value soared to 10 million dollars within two minutes of joining the liquidity pool, but then began to decline continuously, with the current market value having dropped to about 100,000 dollars.
This incident also seems to have impacted the market performance of Urolithin A (URO) and Rifampicin (RIF), both of which fell over 30% within 24 hours. So, what exactly happened?
pump.science wallet key pairs leaked
The incident was triggered by the leak of pump.science's wallet key pairs.
According to official information from pump.science, the wallet address T5j2UBTvLYPCwDP5MVkSALN7fwuLFDL9jUXJNjjb8sc was attacked due to a negligence in their GitHub repository, where the attacker found the key pairs in the website's source code. This key pair was originally used for testing purposes in pump.science's GitHub, and the development team did not realize its significance.
From the fraudulent URO token page that appeared on pump.fun last night, it can be seen that the wallet address deploying this fake token is T5j2UBTvLYPCwDP5MVkSALN7fwuLFDL9jUXJNjjb8sc. The pump.fun platform shows that this address had previously deployed the official tokens Urolithin A (URO) and Rifampicin (RIF), with current market values of approximately 87 million dollars and 37 million dollars, respectively.
The fraudulent URO token was issued on-chain by an address starting with T5j2UBT that leaked key pairs. This is exactly why it shows on pump.fun that the official URO and RIF token deployer released new coins.
pump.science stated that this wallet was marked as the off-chain token creator for URO and RIF on pump.fun, and attackers may exploit this wallet to issue more tokens; any other tokens issued by this wallet, aside from URO and RIF, should be considered scams.
It is worth noting that pump.science has not taken any remedial or compensatory measures for those users who mistakenly bought the fraudulent URO tokens, which has sparked widespread attention and discussion in the community.
The off-chain creation feature of pump.fun has caused confusion in blockchain explorers and data tools.
The confusion in the community has also been caused by the token creator displayed in pump.fun and blockchain explorers and data tools.
The official URO and RIF tokens from pump.science were created off-chain through pump.fun, while the fraudulent URO was created on-chain through pump.fun. However, the blockchain explorer solscan shows that the deployer address for Urolithin A (URO) and Rifampicin (RIF) is: BLDRZQiqt4ESPz12L9mt4XTBjeEfjoBopGPDMA36KtuZ.
Next, let's first understand the off-chain token issuance feature of pump.fun. On the pump.fun platform, off-chain token issuance is free, and the tokens will not be recorded on-chain until the first buyer appears. The first buyer needs to pay the issuance cost of the tokens. Therefore, for tokens created off-chain, the first buyer is often mistakenly regarded as the token deployer by blockchain explorers like solscan or GMGN.
For example, the official URO and RIF tokens, after being created off-chain, had the wallet address BLDRZQiqt4ESPz12L9mt4XTBjeEfjoBopGPDMA36KtuZ of the first buyer mistakenly labeled as the deployer of the tokens by solscan or GMGN.
Here, the author reminds investors to carefully distinguish and verify between tokens created on-chain and off-chain on pump.fun when investing in Meme tokens to avoid falling into scam traps. Additionally, they should remain vigilant regarding any potential tokens issued by wallets starting with T5j2UBTvLY leaked by pump.science. At the same time, we hope that platform providers and token deployers can enhance security measures to prevent such scams from happening again.
Original link
