pump.fun Crypto Platform Restarts Operations Following Employee Misappropriation Incident
Pump.fun, a popular cryptocurrency platform, has resumed operations after discovering that a former employee had stolen approximately $1.9 million worth of SOL, valued at $12.3k. The employee, who had been overworked for a long time, used their privileges to exploit the platform’s withdrawal authority and used flash loans on a Solana lending protocol to borrow the stolen SOL.
The stolen amount was acquired entirely through flash loans, and the attacker, who held various coins on the platform, manipulated the markets to increase their value by 100%. Exploiting the advantage of flash loans, the employee reached the limit of the bonding curve liquidity at zero percent and automatically repaid the funds using the gained liquidity.
Pump.fun took immediate action and halted trading of all assets at 17:00 UTC to address the situation. Despite having $45 million in total liquidity, the employee managed to embezzle around $1.9 million from the bonding curve contracts.
In response, the Pump.fun team quickly relaunched the contracts to restore trading capabilities. To encourage users to return to the platform, they announced a fee-free trading period for the next seven days. Users can freely generate new coins and trade existing ones without any concerns.
However, coins that reached 100% during the attack are currently in limbo: their liquidity pools cannot be traded until new liquidity pools are established on Raydium. To rectify this, Pump.fun has pledged to seed these liquidity pools with equal or greater liquidity within 24 hours, ensuring that affected users are compensated.
By fully restoring the security of its platform and providing detailed compensation to affected users, Pump.fun demonstrates its ability to handle internal data breaches. The immediate reopening of services and the temporary waiver of trading fees reflect the platform’s commitment to maintaining user trust and platform integrity.