[TL;DR]
Pump.fun lost crypto assets worth around $2 million in a DeFi security breach.
Jarret, Pump.fun's ex-employee, distributed stolen tokens as an airdrop to members of several crypto communities.
Slothana, DogWifHat, Bonk, Sealana, Smog ($SMOG) and Luck Boo (BOO) are examples of leading memecoins on the Solana blockchain.
Introduction
Despite the number of years the DeFi sector has existed, malicious exploitation is still ongoing due to crypto platforms' poor security measures. However, one of the positive things we have witnessed within the past year is an increase in cooperation between law enforcement agents and DeFi projects when a crypto heist occurs. Today, we assess how the Pump.fun crypto heist occurred and its implications for the entire DeFi sector.
How Pump.fun Fell Victim to a $2 Million Heist
Pump.fun, a Solana-based DeFi memecoin protocol, was breached on 16 May, leading to a loss of cryptocurrencies worth about $2 million. Basically, the exploiter used flash loans to manipulate the protocol's bonding curve contracts.
After the exploit, Pump.fun used its social media platforms to alert its users about the DeFi security breach. Through its X platform profile the team said, "We have upgraded the contracts so the attacker cannot siphon any more funds. The TVL in the protocol right now is safe. We've paused trading - you cannot buy and sell any coins at the moment. Any coins that are currently in the process of migrating to Raydium cannot be traded and will not be migrating for an indefinite period of time."
Based on how the attack occurred, some industry leaders believed that the Pump.fun flash loan exploit was an inside crypto attack. In this regard, Igor Igamberdiev, head of research at Wintermute, commented: "It seems like pumpdotfun lost 2k SOL ($300k+) and a bunch of memecoins through a possible private key leakage."
However, after a few hours the Pump.fun team promised its investors that it had upgraded its smart contract to prevent similar future attacks. It wrote: "We have upgraded the contracts so the attacker cannot siphon any more funds. The TVL in the protocol right now is safe. We've paused trading - you cannot buy and sell any coins at the moment."
It added, "Any coins that are currently in the process of migrating to Raydium cannot be traded and will not be migrating for an indefinite period of time."
However, trading on the platform resumed 5 hours after the Solana Pump.fun attack. Due to the inconveniences that arose from the attack, the team scrapped trading fees for the next seven days. Also, it promised to seed the liquidity pools (LPs) for affected tokens so as to restore the trading functionality.
The team clarified the issue: "You can launch new coins and trade any coin that did not reach 100% between 15:21-17:00 UTC. To make users whole, any coin that reached 100% between 15:21-17:00 UTC will go live on Raydium with >= 100% of the liquidity that it previously had."
It continued, "We are committed to ensuring the safety of our users and are cooperating with relevant parties, including law enforcement, to minimize the damage."
Flash Loans and Smart Contracts: Unpacking the Pump.fun Exploitation
As hinted above, the memecoin platform exploit was a result of the manipulation of the Margin.fi flash loan facility. Primarily, the bad actor accessed tokens from Margin.fi, then acquired SOL. From there, he used the SOL to buy the Pump.fun tokens. In the process, he did not even use his own money.
Notably, the transaction pushed the bonding curve to its limit. For context, the bonding curve is a smart contract for creating a market for tokens without using crypto exchanges. Thus, the manipulation prevented the tokens from being listed on Raydium, a decentralized exchange based on the Solana blockchain.
The Attacker's Identity and Motives
At first the attacker was identified by his wallet address, 7ihN8QaTfNoDTRTQGULCbUT3PHwPDTu5Brcu4iT2paP. Later, he was identified as Jarrett, also known by his X username, STACCOverflow. Jarret is Pump.fun's former employee who seemed disgruntled by how the team runs the decentralized finance (DeFi) project. Jarret's post on the X social platform points to his premeditated Solana Pump.fun attack, as the next screenshot shows. Source: x.com
Based on Jarret's social media posts, his main motive for the Solana ecosystem security breach was to punish his former bosses for their unfair and unprofessional conduct during the performance of their duties. He showed his negative sentiment towards his ex-bosses through his X post, as the next image shows. Source: x.com
The Web3 Robinhood? The Attacker's Plan to Redistribute Wealth
In one of his X posts, Jarret stated that he would redistribute the DeFi loot, which earned him the nickname Web3 Robin Hood. As per his promise, Jarret distributed the stolen cryptocurrency to members of several crypto communities, including Slerf, Stacc, Saga, and Risklol. As a result, one of the community members commented as shown in the image. Source: x.com
In the meantime, several crypto users from the said crypto communities have admitted that they received the airdrop. However, what is not clear is the exact method he used to distribute them.
Beware of Scammers: Risks Following the Pump.fun Incident
The crypto community should remain vigilant after the Pump.fun blockchain platform security breach. This is because some malicious actors may masquerade as the Pump.fun team offering to reimburse users' tokens. They may send malicious links claiming that users should provide their details to claim their stolen cryptocurrencies. In a bid to benefit from the cryptocurrency theft recovery, some investors may end up losing more crypto assets.
List of the Best SOL meme coins
Solana has many memecoins, some of which might have been listed on Pump.fun. The popular Solana-based meme coins include Slothana, DogWifHat, Bonk, Sealana, Smog ($SMOG) and Luck Boo (BOO).
Conclusion
Pump.fun's ex-employee stole cryptocurrencies worth around $2 million in a bid to punish his ex-bosses, whom he accused of being unprofessional in their business conduct. However, Jarret distributed the tokens he stole to members of several crypto communities through an airdrop. DogWifHat, Bonk, Sealana, Smog ($SMOG) are examples of popular Solana-based memecoins.