Solana-based DeFi memecoin platform Pump.enjoyable skilled a major breach on Could 16 when an exploiter apparently utilized flash loans to govern the platform’s bonding curve contracts.
The platform has since paused all buying and selling actions.
In a assertion on social media, Pump.enjoyable acknowledged the exploit and guaranteed customers that the platform is investigating the problem. The group wrote:
“We’ve got upgraded the contracts so the attacker can’t siphon any extra funds. The TVL within the protocol proper now’s secure. We’ve paused buying and selling — you can’t purchase and promote any cash in the mean time. Any cash which are at present within the strategy of migrating to Raydium can’t be traded and won’t be migrating for an indefinite time period.”
Trade consultants, together with Wintermute head of analysis Igor Igamberdiev, urged {that a} key had been compromised, elevating the potential of an inside job. He estimated the loss to be not less than 12,000 SOL, equal to roughly $2 million.
An account on X, recognized as STACCoveflow, claimed duty for the assault shortly after the exploit broke within the information. Stacc hinted at a bigger motive of their posts, stating:
“I’m about to vary the course of historical past.”
He implied that he didn’t intend to maintain the stolen funds however deliberate to redistribute the “remaining balances of bonding curves” to sure token customers. The precise technique Stacc used to execute the assault stays unclear, and it’s unknown if the balances are certainly being distributed to different customers.
The account allegedly belongs to a doxxed developer who beforehand labored on Pump.enjoyable. Moreover, a number of accounts claimed that Stacc had airdropped the stolen SOL to holders of 4 completely different cash.
Nonetheless, CryptoSlate was unable to confirm the claims on social media as of press time.