Analysis and Tracking of the Pump.fun Attack Incident
In the early morning of May 17, Pump.fun was attacked, resulting in the random airdrop of assets worth 80 million dollars to specific wallet addresses. What are the reasons for this incident and what potential subsequent impacts could it bring?
13:07 Pump.fun was hacked for 1.9 million dollars, is the Solana meme season over?
The emergence of pump.fun has lowered the entry point for meme coin speculation, increasing the difficulty of early control.
11:01 pump.fun attacker releases token FSA (Flash Stacc attack)
ChainCatcher message, the attacker @STACCoverflow on pump.fun released the token FSA (Flash Stacc attack) 2 hours ago.According to on-chain data, FSA is currently priced at 0.0046 USDT, having risen over 89,016.79% since its release.
09:50 A Quick Overview of the Causes and Consequences of the Pump.fun Attack Incident
Former employees hold the private keys of "hacked accounts," and poor team management is the primary reason.
08:10 pump.fun is back online, and the trading fee is 0% for the next 7 days
ChainCatcher news, pump.fun tweeted that the contract is safe. A former employee misappropriated approximately 12.3K SOL (about 1.9 million USD) by exploiting their privileged position in the company to illegally obtain withdrawal permissions and used the Solana lending protocol for flash loans, borrowing SOL and purchasing as many tokens as possible to push these tokens to 100% on their respective bonding curves. Once these tokens reached 100%, liquidity from the bonding curve was obtained, and the flash loan was repaid. During this period, all transactions on pump.fun were halted.Of the total affected liquidity, only about 45 million USD was impacted. The Pump.fun team redeployed the contract, transactions have reopened, and trading fees will be 0% for the next 7 days.Tokens that reached 100% between 15:21-17:00 UTC are in a pending state, meaning no one can trade them before LP is deployed for them on Raydium.To compensate users, the pump.fun team will seed LP with an equal or greater amount of SOL liquidity for each affected token within the next 24 hours.Previous news, the pump.fun attacker is suspected of conducting random airdrops of the stolen funds, with recipients including holders of slerf, saga, and others.
08:04 Wintermute Research Director: pump.fun may have been attacked due to private key leakage
ChainCatcher news, Wintermute research director Lgor Lamberdiev stated that pump.fun was likely attacked due to a private key leak, resulting in the theft of 2000 SOL and a large amount of MEME coins.Lamberdiev also mentioned that the service account address 5PXxuZ somehow signed the txs, transferring funds to the attacker and random addresses, instead of deploying the Raydium pool, which strongly suggests that the attack was likely caused by the leak from pump.fun.
07:42 The attackers of Pump.fun are suspected of conducting random airdrops of the stolen funds, with airdrop recipients including holders of slerf, saga, and others
ChainCatcher news, according to community reports, Pump.fun has been attacked, and the attacker @STACCoverflow has randomly airdropped assets worth 80 million USD to the following wallet addresses, with multiple addresses already receiving dozens to hundreds of SOL tokens.slerf holders;stacc holders;saga holders;risklol holders, and it is stated that this airdrop of approximately 80 million USD may lead to a Solana fork.It is reported that multiple addresses have already received dozens to hundreds of SOL tokens. The attacker is suspected to have lost a family member, triggering a sense of revenge.
