Former Employee Empties Pump.fun of $2 Million with Flash Loans; Platform Successfully Recovers

Pump.fun, a platform built on Solana for launching tokens, has fallen victim to a significant security breach resulting in a loss of around $2 million. The attacker exploited the platform’s bonding curve contracts by utilizing flash loans, which disrupted Pump.fun’s token launch mechanism.

The team at Pump.fun promptly responded to the attack by ceasing all trading activities on the platform. They announced that users would be unable to buy or sell any coins and that the migration of coins to Raydium would be temporarily halted. However, they assured users that the encrypted liquidity on Raydium remained safe and unaffected. Furthermore, Pump.fun took immediate action to update their contracts, preventing any further exploitation of the system.

The wallet address of the attacker was identified as 7ihN8QaTfNoDTRTQGULCzbUT3PHwPDTu5Brcu4iT2paP. Initially, an individual named ‘Stacc’ claimed responsibility for the attack, stating that it was a protest rather than an attempt to gain financially. However, it was later revealed that the attacker was a former employee named Jarrett, also known as STACCOverflow. Dissatisfied with the company, Jarrett sought to disrupt the platform and openly criticized Pump.fun on social media. He expressed his intention to change the course of history and showed no fear of imprisonment. Jarrett planned to distribute the stolen funds via an airdrop, earning him the nickname “Web3 Robinhood.”

Despite the setback, Pump.fun assured its users that their contracts had always been secure and attributed the attack to the actions of a former employee who misused their position. The platform has since relaunched and is now fully operational. Users can launch new coins and trade any coins that did not reach 100% between 15:21 and 17:00 UTC.

To compensate for the inconvenience caused, Pump.fun has reduced trading fees to 0% for the next seven days. Additionally, the platform is actively working with top security experts to strengthen its defenses and prevent similar incidents in the future. Pump.fun expressed gratitude to its community for their trust and support during this challenging time.

The incident serves as a learning experience for Pump.fun, who is determined to emerge stronger from this setback and ensure a safer and more secure platform for its users. They remain committed to their mission of providing a reliable and trustworthy environment for token launches.