Solana-based DeFi memecoin platform Pump.enjoyable skilled a big breach on Could 16 when an exploiter apparently utilized flash loans to control the platform’s bonding curve contracts.
The platform has since paused all buying and selling actions.
In a statement on social media, Pump.enjoyable acknowledged the exploit and warranted customers that the platform is investigating the difficulty. The workforce wrote:
“We now have upgraded the contracts so the attacker can not siphon any extra funds. The TVL within the protocol proper now’s protected. We’ve paused buying and selling — you can not purchase and promote any cash in the meanwhile. Any cash which are at present within the means of migrating to Raydium can’t be traded and won’t be migrating for an indefinite time frame.”
Trade specialists, together with Wintermute head of analysis Igor Igamberdiev, prompt {that a} key had been compromised, elevating the potential of an inside job. He estimated the loss to be not less than 12,000 SOL, equal to roughly $2 million.
An account on X, recognized as STACCoveflow, claimed accountability for the assault shortly after the exploit broke within the information. Stacc hinted at a bigger motive of their posts, stating:
“I’m about to alter the course of historical past.”
He implied that he didn’t intend to maintain the stolen funds however deliberate to redistribute the “remaining balances of bonding curves” to sure token customers. The precise technique Stacc used to execute the assault stays unclear, and it’s unknown if the balances are certainly being distributed to different customers.
The account allegedly belongs to a doxxed developer who beforehand labored on Pump.enjoyable. Moreover, a number of accounts claimed that Stacc had airdropped the stolen SOL to holders of 4 totally different cash.
Nevertheless, CryptoSlate was unable to confirm the claims on social media as of press time.