Pump.fun, a Solana-based token launch platform that enables users to create memecoins with relative ease, has suffered a security exploit. While the root cause of the exploit remains unknown, it appears user funds in liquidity pools on the platform are being drained using a flash loan from the DeFi protocol MarginFi.
In the meantime, Solana wallet provider Phantom, which integrates with Pump.fun, has placed a warning on the Pump.fun website. Users who try to access the platform are greeted with a message noting that the website is “malicious and unsafe to use.”
Pump.fun Issues Update On Security Exploit
At press time, Pump.fun released an update clarifying that the exploit involved the protocol’s bonding curve contracts, which evidently handle liquidity on the platform. Following investigations, the Pump.fun team has upgraded its contracts to prevent the hacker from accessing more user funds.
In the meantime, the platform has disabled trading and is collaborating with law enforcement, as well as partners, to minimize the damage. Users who have connected their wallets to Pump.fun also do not need to take additional action, as the security exploit did not compromise their private keys.
We are aware that the https://t.co/uE2QNKXkIT bonding curve contracts have been compromised and are investigating the matter.
We have upgraded the contracts so the attacker cannot siphon any more funds. The TVL in the protocol right now is safe.
We’ve paused trading — you…
— pump.fun (@pumpdotfun) May 16, 2024
Meanwhile, in a subsequent update, Pump.fun confirmed, in line with speculation, that a former employee had taken advantage of their privileged position to exploit the protocol’s contracts. Nonetheless, they were only able to steal approximately $1.9 million out of the $45 million locked on the platform. Trading has since resumed on the platform, with memecoins retaking center stage.
Given that Solana’s blockchain ecosystem and SOL usage have largely been driven by memecoin traders in recent times, it is worth noting that the cryptocurrency has not been badly hit by the latest exploit. SOL is trading at $159 at the time of writing, representing a 4% increase in the past 24 hours.
Update: This article has been updated to reflect new information from Pump.fun that the total amount lost to the hack is an estimated $2 million. An earlier version mentioned $200,000 as the total amount lost.