Pump.fun, a buzzy Solana memecoin launcher with huge levels of activity levels recently, paused operations after suffering a flash loan attack that resulted in an estimated loss of 12.3k SOL (~$2M).
What’s the scoop?
- Former Pump.fun employee staccoverflow has claimed responsibility for the attack, citing personal anguish and contempt for his previous bosses.
- The exploit involved a private key compromise and flash loans of SOL borrows via marginfi to manipulate Pump.fun’s memecoin bonding curves, followed by withdrawing liquidity meant for Raydium pools.
- While loss estimates ranged from ~$300k to ~$80M amid the initial chaos, Wintermute’s head researcher Igor Igamberdiev has now pegged the total loss as at least $2M.
Bankless take:
Pump.fun is currently the memecoin capital of Solana, and lately it’s seemed unstoppable. That said, this attack, while far from devastating, certainly takes some wind out of the platform’s sails. However, it seems likely the token launcher can rebound fast.
Across the two days preceding the exploit, Pump.fun generated $1.9M worth of revenues or 95% of the total losses of the attack. It’s not a desirable situation to be in, but the team has the resources to make its users whole. All in all, the episode is a reminder of the potential risks around the crypto frontier and the importance of private key security. The Pump.fun team dropped the ball in a big way here, so watch for how they respond in the days ahead.
Read More: www.bankless.com