UK Government Releases Hacker Behind $2M Pump.fun Exploit on Bail

On May 16th, the Solana-based project Pump.fun fell victim to an estimated $2 million hack. Later that day, Jarrett Dunn, a user with the X display name, STACCoverflow, claimed to be behind the attack. After being arrested, the hacker was released on bail, set to reappear on August 16th, 2024.

A Hack or a Rescue?

Jarrett Dunn, a Canadian, is a former employee at Pump.fun, a platform that allows the easy creation of Solana-based memecoins. According to the infamous attacker, the Pump.fun team accused him of stealing the funds using his privileged positions in the company. A flash loan attack was used to facilitate the attack.

Instead of concealing his identity, Dunn shared details about the exploit on an X Spaces. Further activities on social platforms enabled the British police authorities to apprehend Dunn and detain him through a contracted private intelligence firm.

The bad actor claimed that he spent a night in jail before receiving free bail, based on the United Kingdom (UK) law. Conditions for bail included not communicating with certain individuals until his reappearance before the UK police. His devices were confiscated, making him unable to access the stolen funds.

Following his release, Dunn revealed that he was in a mental healthcare hospital. He had access to the hospital’s iPad to sign into one of his X accounts. Through that account, the infamous hacker shared some insight into the reason for the exploit.

According to Dunn, Pump.fun was responsible for several “heinous” crimes. They include running as an unregistered securities exchange, operating as a gambling platform without the know your customer (KYC) or anti-money laundering (AML) security measures. He also alleged that the project’s founders are eyeing the integration of a livestream feature targeted at promoting child sexual abuse.

Dunn stated that he would present all these matters when reappearing before the UK authorities in August. Meanwhile, he urged all users to withdraw all capital from the Pump.fun platform immediately. This way, Dunn’s exploit appears as a step towards uncovering the supposed wrongs within the Solana-based platform, instead of an outright hack.

What Does Pump.fun Say?

Despite all allegations pointed at Pump.fun, the platform has yet to admit or refute them. At press time, the platform has not posted any recent tweets on its X page.