NewsBTC
2024-05-18 01:00:43

Crypto Post-Mortem: Here’s How Pump.Fun Was Exploited For $2 Million

Solana-based platform Pump.fun suffered an exploit that left the crypto community with many questions. The attack stole millions of dollars in users’ funds, but the reasons behind it and the exact amount of the loot were unclear. Amid the uncertainty, some claimed that a crypto Robinhood had emerged. Related Reading: Bitcoin Still Has “A Lot Of Room To Run Before Reversal,” Says Top Analyst $80 Million Taken In Crypto Heist? On Thursday, the platform Pump.fun announced its bounding curve contracts had been compromised. In the post, the team alerted users that all trading was temporarily halted while they investigated the incident. Pump.fun is a trading platform created to “prevent rugs” by ensuring that all created crypto tokens are safe. The platform allows users to easily launch instantly tradeable tokens with no presale and no team allocation. This solution became an extremely popular alternative among influencers and users who wanted to create tokens without the complexity or high costs of launching a project. It uses bonding curve contracts for the tokens, a mathematical model that determines a token’s price based on supply, increasing with the number of tokens bought. After the token’s market capitalization reaches $69,000, part of the liquidity is deposited on Raydium to be burned. Since the attack, the team has assured users that the contracts have been upgraded to prevent further fund loss, adding that the protocol’s total value locked (TVL) is safe. However, the community’s reports were contradictory and alarming. Some users claimed the attacker had taken $80 million in crypto from the platform’s bonding curve contracts, which worried the affected users. According to Lookonchain’s report, the hacker was quickly identified. At first, he pretended to be an unaware user, asking what the damages were. However, he later accused the platform’s founders of withdrawing the exact amount stolen a day prior. An X user claimed the individual chose to “be a Robin Hood, dropping hacked cash to $SOL communities.” The attacker also stated in a post his desire to “change the course of history.” However, his “heroic outlaw” endeavors affected 1,882 addresses. What Happened? Despite the speculation and the attacker’s posts, it was later revealed that he was a Pump.fun ex-employee. In its post-mortem post, the platform’s team revealed that the individual had used their position to misappropriate funds from the bonding curve contracts. The attacker illegitimately accessed the accounts after obtaining the private keys, “using their privileged position at the company.” The former employee used flash loans from Solana lending protocol to steal 12,300 SOL, worth around $1.9 million. Per the post, he borrowed SOL to buy as many tokens as possible in Pump.fun. When the tokens hit 100% on their respective bonding curves, the attacker used the keys to access the bonding curve liquidity and repay the flash loans. Fortunately, the attacker could only access $1.9 million out of the $45 million liquidity in contracts. Since then, the team has redeployed the bonding curve contracts and offered a plan to help affected crypto investors. Related Reading: Fetch.AI Soars 14.5% As AI Tokens Surge, Can FET Reach $4? To make users whole, the team will “seed the LPs for each affected coin with an equal or greater amount of SOL liquidity that the coin had at 15:21 UTC within the next 24 hours.” Moreover, they are offering 0% trading fees for the next 7 days. As a user pointed out, this action is “non-trivial” since Pump.fun makes $1 million daily from fees. Featured Image from Unsplash.com, Chart from TradingView.com

获取加密通讯
阅读免责声明 : 此处提供的所有内容我们的网站,超链接网站,相关应用程序,论坛,博客,社交媒体帐户和其他平台(“网站”)仅供您提供一般信息,从第三方采购。 我们不对与我们的内容有任何形式的保证,包括但不限于准确性和更新性。 我们提供的内容中没有任何内容构成财务建议,法律建议或任何其他形式的建议,以满足您对任何目的的特定依赖。 任何使用或依赖我们的内容完全由您自行承担风险和自由裁量权。 在依赖它们之前,您应该进行自己的研究,审查,分析和验证我们的内容。 交易是一项高风险的活动,可能导致重大损失,因此请在做出任何决定之前咨询您的财务顾问。 我们网站上的任何内容均不构成招揽或要约