• Pump.fun was exploited, resulting in an estimated $2 million loss. 
  • It disclosed that a former employee was responsible for the breach.
  • The attacker used flash loans to purchase the bonding curve for pump.fun memecoins.

On May 16, pump.fun, a Solana-based token launch platform, reportedly faced an exploitation incident. The attacker was believed to have utilized flash loans to acquire sufficient SOL to completely purchase the bonding curve for pump.fun memecoins, causing an estimated loss of around $2 million.

In response, pump.fun revealed on X (formerly Twitter) that it has revised its contracts to block further fund drainage by the attacker. The platform assured that its total value locked (TV) and the wallets linked to it remain secure.

However, this incident wasn’t just a usual exploit. In a recent development, it has come to light that a former employee is responsible for the pum.fun breach that occurred on Thursday. 

As reported by pump.fun, this individual managed to obtain admin privileges on the platform, leading to the unauthorized appropriation of approximately 12,300 SOL, which was valued at around $1.9 million at that time.

Surprisingly, a user on X with the handle “STACCoverflow” admitted to carrying out the exploit.

“And now; Magick: everybody be cool, this is a r o b b e r y. What it do, staccattack? I'm about to change the course of history. n then rot in jail. am I sane? nah. am I well? v much not. do I want for anything? my mom raised from the dead n barring that: /x,” wrote STACCoverflow on X. 

In his post, he expressed disdain for bosses. He even argued that such individuals “is not the type of ppl you want front n center as the face of blockchain.”

Edited by Harshajit Sarmah