Log In
Sign Up
Scan the QR code to download the mobile APP
More download choices
Notifications
Markets & Prices
No new notifications
More
Select language and region
简体中文
English
Tiếng Việt
繁體中文
Español
Русский
Français (Afrique)
Português (Portugal)
ไทย
Indonesia
日本語
بالعربية
Українська
Português (Brasil)
Rise/fall colour
Red for rise and green for fall
Green for rise and red for fall
Start-End Time of the Change
24H
UTC 00:00
UTC+8 00:00
Gate.io
BLOG
Insider Exploits Solana's Meme Coin Plat...
Insider Exploits Solana's Meme Coin Platform, Pump.fun, for $2 Million
2024-05-29, 06:20
[//]:content-type-MARKDOWN-DONOT-DELETE ![](https://gimg2.gateimg.com/image/article/1716963180sdfx.jpeg) ## [TL; DR] Pump.fun lost crypto assets worth around $2 million in a DeFi security breach. Jarret, Pump.fun’s ex-employee, distributed stolen tokens as airdrop to members of several crypto communities. Slothana, DogWifHat, Bonk, Sealana, Smog ($SMOG) and Lucky Boo (BOO) are examples of leading memecoins on the <a href="/price/solana-sol" target="_blank" class="blog_inner_link">Solana</a> blockchain. ## Introduction Despite the number of years the DeFi sector has existed, malicious exploitation is still ongoing due to crypto platforms’ poor security measures. However, one of the positive things we have witnessed within the past year is an increase in cooperation between law enforcement agents and DeFi projects when a crypto heist occurs. Today, we assess how the Pump.fun crypto heist occurred and its implications for the entire DeFi sector. ## How Pump.fun Fell Victim to a $2 Million Heist Pump.fun, [a Solana based DeFi memecoin protocol](https://www.gate.io/learn/articles/what-s-behind-solana-s-biggest-meme-launch-platform-pump-fun/2671 "a Solana based DeFi memecoin protocol"), was breached on 16 May leading to a loss of cryptocurrencies worth about $2 million. Basically, the exploiter used flash loans to manipulate the protocol’s bonding curve contracts. After the exploit Pump.fun used its social media platforms to alert its users about the DeFi security breach. Through its [X platform profile the team said](https://twitter.com/pumpdotfun/status/1791164438852083807?ref_src=twsrc%5Egoogle%7Ctwcamp%5Eserp%7Ctwgr%5Etweet "X platform profile the team said"), “We have upgraded the contracts so the attacker cannot siphon any more funds. The TVL in the protocol right now is safe. We’ve paused trading — you cannot buy and sell any coins at the moment. Any coins that are currently in the process of migrating to Raydium cannot be traded and will not be migrating for an indefinite period of time.” Based on how the attack occurred some industry leaders believed that the Pump.fun flash loan exploit was an inside crypto attack. In this regard, Igor Igamberdiev, head of research at Wintermute, [commented](https://twitter.com/FrankResearcher/status/1791164323047293325 "commented"): “It seems like pumpdotfun lost ~2k SOL ($300k+) and a bunch of memecoins through a possible private key leakage.” However, after a few hours the Pump.fun team promised its investors that it had upgraded its smart contract to prevent similar future attacks. It [wrote](https://www.bitget.com/news/detail/12560604005265 "wrote"): “We have upgraded the contracts so the attacker cannot siphon any more funds. The TVL in the protocol right now is safe. “We’ve paused trading — you cannot buy and sell any coins at the moment.” It added, “Any coins that are currently in the process of migrating to Raydium cannot be traded and will not be migrating for an indefinite period of time.” However, trading on the platform resumed 5 hours after the Solana Pump.fun attack. Due to the inconveniences that arose from the attack the team scrapped trading fees for the next seven days. Also, it promised to seed the liquidity pools (LPs) for affected tokens so as to restore the trading functionality. [The team clarified the issue](https://twitter.com/pumpdotfun/status/1791235050643636303 "The team clarified the issue"): “You can launch new coins and trade any coin that did not reach 100% between 15:21-17:00 UTC. To make users whole, any coin that reached 100% between 15:21-17:00 UTC will go live on Raydium with >= 100% of the liquidity that it previously had.” It continued, “We are committed to ensuring the safety of our users and are cooperating with relevant parties, including law enforcement, to minimize the damage.” ## Flash Loans and Smart Contracts: Unpacking the Pump.fun Exploitation As hinted above, the memecoin platform exploit was a result of the manipulation of the Margin.fi flash loan facility. Primarily, the bad actor accessed tokens from the Margin.fi then acquired SOL. From there, he used SOL to buy the Pump.fun tokens. In the process, he did not even use his money. Notably, the transaction pushed the bonding curve to its limit. For context, the bonding curve is a smart contract for creating a market for tokens without using crypto exchanges. Thus, the manipulation prevented the tokens from being listed on the Raydium decentralized exchange based on the Solana blockchain. ## The Attacker's Identity and Motives At first the attacker was identified by his wallet address, 7ihN8QaTfNoDTRTQGULCzbUT3PHwPDTu5Brcu4iT2paP. Later, he was identified as Jarrett, also known by his X username, STACCOverflow. Jarret is Pump.fun’s former employee who seemed disgruntled by how the team runs the decentralized finance (DeFi) project. Jarret’s post on X social platform points to his premeditated Solana Pump.fun attack as the next screenshot shows. ![](https://gimg2.gateimg.com/image/article/1716963512a.jpeg) Source: [x.com](https://twitter.com/STACCoverflow/status/1791134470071865576 "x.com") Based on Jarret’s social media posts his main motive for the Solana ecosystem security breach was to punish his former bosses for their unfair and unprofessional conducts during the performance of their duties. He showed his negative sentiment towards his ex-bosses through his X post as the next image shows. ![](https://gimg2.gateimg.com/image/article/1716963546b.jpeg) Source: [x.com](https://twitter.com/STACCoverflow/status/1791134474387808363 "x.com") ## The Web3 Robinhood? The Attacker's Plan to Redistribute Wealth In one of his X posts, Jarret stated that he would redistribute the DeFi loot, which earned him the nickname Web3 Robin Hood. As per his promise Jarret distributed the stolen cryptocurrency to members of several crypto communities, including Slerf, Stacc, Saga, and Risklol. As a result, one of the community members commented as shown in the image. ![](https://gimg2.gateimg.com/image/article/1716963578c.jpeg) Source: [x.com](https://twitter.com/ardizor/status/1791186167645303080 "x.com") In the meantime, several crypto users from the said crypto communities have admitted that they received the airdrop. However, what is not clear is the exact method he used to distribute them. ## Beware of Scammers: Risks Following the Pump.fun Incident The crypto community should remain vigilant after the [Pump.fun blockchain platform security breach](https://www.gate.io/learn/articles/seek-the-next-crypto-trend-amid-meme-waves/2914 "Pump.fun blockchain platform security breach"). This is because some malicious actors may masquerade as the Pump.fun team that is willing to reimburse their tokens. They may send malicious links purporting that the users should provide their details to claim their stolen cryptocurrencies. In a bid to benefit from the cryptocurrency theft recovery some investors may end up losing more crypto assets. ## List of the Best SOL meme coins Solana has many memecoins, some of which might have been listed on Pump.fun. The popular Solana-based meme coins include Slothana, [DogWifHat](https://www.gate.io/blog_detail/4106 "DogWifHat"), Bonk, Sealana, Smog ($SMOG) and Lucky Boo (BOO). ## Conclusion Pumpfun’s ex-employee stole cryptocurrencies worth around $2 million in a bid to punish his ex-bosses whom he accused of being unprofessional in their business conduct. However, Jarret distributed the tokens he stole to members of several crypto communities through an airdrop. DogWifHat, [Bonk](https://www.gate.io/blog_detail/4041/bonk-memecoin-poised-for-a-bullish-breakout-analysis-and-predictions "Bonk"), Sealana, Smog ($SMOG) are examples of popular [Solana-based memecoins](https://www.gate.io/price/view/solana-meme-coins "Solana-based memecoins"). <div class="blog-details-info"> <div>Author:** Mashell C.**, Gate.io Researcher <div class="info-tips">\*This article represents only the views of the researcher and does not constitute any investment suggestions. <div>\*Gate.io reserves all rights to this article. Reposting of the article will be permitted provided Gate.io is referenced. In all cases, legal action will be taken due to copyright infringement. </div>
Share
Content
[TL_ DR]
Introduction
How Pump.fun Fell Victim to a $2 Million Heist
Flash Loans and Smart Contracts: Unpacking the Pump.fun Exploitation
The Attacker_s Identity and Motives
The Web3 Robinhood? The Attacker_s Plan to Redistribute Wealth
Beware of Scammers: Risks Following the Pump.fun Incident
List of the Best SOL meme coins
Conclusion
Credit Ranking
Complete Gate Post tasks to upgrade your rank
Join Now
Related articles
Market News
From Bitcoin to Ethereum: Why Ethereum is Blockchain 2.0
2021-06-20, 09:30
Market News
The Biggest Airdrop in History May Come: Metamask Will Launch A Token Soon
2022-03-18, 04:53
Market News
Science: From Market Maker to Liquidity Mining, How Important is Liquidity?
2021-07-19, 07:36