Pump.fun has redeployed the contracts, and trading is now live with 0% fees for the next seven days.
Memecoin launchpad Pump.fun said that a former employee was responsible for an exploit that took place on Thursday.
This exploit led to the theft of 12,300 SOL, valued at $1.9 million at the time of the hack.
In a post-mortem report posted on X (formerly Twitter), Pump.fun revealed that the former employee “illegitimately took access of the withdraw authority” and used flash loans on a Solana-based lending protocol to borrow SOL.
Flash loans are uncollateralized loans that must be repaid within the same blockchain block, allowing the exploiter to quickly acquire a large amount of SOL without requiring upfront capital.
The Exploit
The rogue employee used the borrowed SOL to purchase “as many coins” as possible on Pump.fun until the prices of these coins hit 100% on their respective bonding curves.
In the Pump.fun ecosystem, bonding curves set the price of a coin based on its current supply, causing the price to increase as more coins are bought. Once these coins reached the maximum price point on the bonding curves, the exploiter gained access to the liquidity locked in these curves, which is the pooled funds supporting the trading and stability of those coins.
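As an added illustration (not code from Pump.fun or from the original article), the sketch below models a bonding curve as a constant-product curve with virtual reserves, showing how the price climbs as coins are bought and how much SOL a curve holds once it reaches 100%. The curve formula, the `BondingCurve` class and every parameter value are assumptions constructed for the example; the article only states that price rises with supply.

```python
from dataclasses import dataclass
from fractions import Fraction


@dataclass
class BondingCurve:
    """Hypothetical constant-product curve; values are constructed, not Pump.fun's."""
    virtual_sol: Fraction = Fraction(30)       # pricing reserve, not real funds
    virtual_tokens: Fraction = Fraction(1000)  # pricing reserve of the coin
    for_sale: Fraction = Fraction(800)         # coins sold before the curve is "100%"
    sold: Fraction = Fraction(0)
    real_sol: Fraction = Fraction(0)           # SOL actually locked in the curve

    def price(self) -> Fraction:
        # Spot price in SOL per coin; rises as virtual_tokens shrinks.
        return self.virtual_sol / self.virtual_tokens

    def progress(self) -> Fraction:
        # Fraction of the curve that has been bought (1 means 100%).
        return self.sold / self.for_sale

    def sol_to_complete(self) -> Fraction:
        # SOL still needed to buy every remaining coin on the curve.
        k = self.virtual_sol * self.virtual_tokens
        remaining = self.for_sale - self.sold
        return k / (self.virtual_tokens - remaining) - self.virtual_sol

    def buy(self, sol_in) -> tuple[Fraction, Fraction]:
        # Returns (coins received, SOL spent); spending is capped at completion.
        sol_in = Fraction(sol_in)
        if sol_in <= 0:
            raise ValueError("sol_in must be positive")
        sol_in = min(sol_in, self.sol_to_complete())
        k = self.virtual_sol * self.virtual_tokens
        new_tokens = k / (self.virtual_sol + sol_in)
        out = self.virtual_tokens - new_tokens
        self.virtual_sol += sol_in
        self.virtual_tokens = new_tokens
        self.sold += out
        self.real_sol += sol_in
        return out, sol_in


if __name__ == "__main__":
    curve = BondingCurve()
    print("start price:", float(curve.price()), "SOL to fill:", curve.sol_to_complete())
    curve.buy(30)
    print("after 30 SOL:", float(curve.progress()), "price:", float(curve.price()))
    curve.buy(1000)  # capped at what the curve can still absorb
    print("at 100%: locked SOL =", curve.real_sol, "price:", float(curve.price()))
```

In this model the locked balance at 100% is the amount that whoever holds the withdraw authority can move, which is why that key is the asset to protect.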
By 17:00 UTC, all trading on Pump.fun was halted to prevent further damage. The platform stated that, “out of a total of $45m of liquidity in the bonding curve contracts, only ~$1.9m was affected.”
To compensate affected users, Pump.fun noted that the team “will seed the LPs for each affected coin with an equal or greater amount of SOL liquidity that the coin had at 15:21 UTC” within the next 24 hours.
Pump.fun has since redeployed the contracts, and trading is live now with 0% trading fees for the next seven days.
Since its launch in January, Pump.fun has seen its revenue surge to $22 million, data from DeFiLlama shows. On May 10, Pump.fun became the second-largest revenue-generating platform in DeFi, surpassed only by the Ethereum Network.
What is Pump.fun?
Pump.fun is a memecoin launchpad platform designed to simplify the process of launching a token on Solana or Blast, making it accessible even to those with no coding experience.
The platform allows users to create their own tokens within minutes, streamlining the initial launch phase by trading the new token along a bonding curve.
According to Pump.fun, this approach helps “prevent rugs by making sure that all created tokens are safe,” ensuring that each coin is a fair launch with “no presale and no team allocation.”
While that may be true, the system unfortunately did not prevent a flash loan attack.