๐จCrypto news flash!๐จ Solana-based meme coin launchpad Pump.fun has been hit by an internal exploit! A former employee, using their privileged position, managed to misappropriate around 12,300 SOL, equivalent to a whopping $1.9 million! ๐ฒ
In a bid to prevent further damage, Pump.fun swiftly halted trading and updated contracts. The rogue employee had used their access to the withdrawal authority to borrow SOL via flash loans on a Solana lending protocol, buying up coins and pushing them to 100% on their bonding curves. This sneaky move allowed them to access the bonding curve liquidity and repay the flash loans.๐
Trading was halted a few hours later, with $1.9 million affected out of $45 million in total liquidity. But don't worry, Pump.fun is on the case! They've redeployed contracts and resumed trading with a 0% fee for the next seven days.๐
The tokens that reached 100% during the exploit are currently untradeable until liquidity pools are deployed for them on the Solana lending protocol, Raydium. The Pump.fun team has promised to replenish the liquidity pools for the affected coins with an equal or greater amount of SOL within the next 24 hours.๐
Pump.fun is working hard to ensure safe and structured trading resumes, and is collaborating with top security experts to prevent such incidents in the future.๐
The plot thickens as Igor Igamberdiev, head of research at cryptocurrency market maker Wintermute, suspects an internal private key leak and points fingers at X user โSTACCoverflow.โ The accused user has admitted to executing the exploit, criticizing their former employers at Pump.fun. Stay tuned for more updates! ๐ต๏ธโโ๏ธ๐