Get all your news in one place.
100’s of premium titles.
One app.
Start reading
International Business Times
International Business Times
Business
Marvie Basilan

Solana Memecoin Deployer Pump.fun Says Ex-Employee Caused $1.9M Exploit

There have not been many reports in the crypto industry regarding a former employee hacking into his ex-workplace's system. (Credit: TheDigitalArtist/Pixabay)

KEY POINTS

  • Earlier social media reports said the total losses were around $80 million
  • Pump.fun clarified that $1.9 million was lost and contracts remained safe
  • The development team said an ex-employee gained access to the "withdraw authority"

Pump.fun, a memecoin factory on the Solana blockchain, was exploited for nearly $2 million Thursday after a hacker broke into the memecoin deployer's system and carried out flash loan attacks.

Pump.fun paused trading about two hours after news of the exploit first emerged on social media, disallowing the purchase and sales of any coins. The team also said it upgraded contracts to prevent the attacker from siphoning more funds.

Multiple social media users posted on X (formerly Twitter) that the total losses reached $80 million. However, Pump.fun took to the platform late on Thursday, explaining that only $1.9 million was affected in the exploit.

The Pump.fun team also clarified that "pump.fun contracts are safe." As for the reason behind the hacking, the team said pointed to a former employee who allegedly "used their privileged position at the company to misappropriate 12.3K SOL," the native cryptocurrency of the Solana blockchain.

Digging deeper into the security breach, the team said an ex-employee "illegitimately" gained access of the "withdraw authority" and carried out flash loan attacks. Trading has since been resumed and the team said it is now "safe" to create coins and buy and sell them.

However, the team faced scrutiny from other memecoin users after Igor Igamberdiev, the head of research at crypto market maker Wintermute, suggested that the exploit stems from an internal private key leak, which he said may have been @STACCoverflow on X. However, Igamberdiev said the total SOL losses were at around 2,000 tokens worth over $300,000.

User @STACCoverflow posted on X before news of the exploit emerged. "Everybody be cool, this is a robbery...I'm about to change the course of history..." Igamberdiev included the said post in what he said was "evidence" the hack was of internal nature.

Pump.fun has yet to identify the former employee that allegedly exploited the coin factory, but some users said the team should have prevented the breach. One user noted that the former employee should have had his or her access removed after leaving the team.

Another user asked the developers whether they will establish a "multi facet" security system to ensure that no one can breach the system again and whether the team has determined which security areas they should work on. Pump.fun has yet to respond.

The crypto industry has suffered multiple hacking incidents since the start of the year, including a week wherein over $71 million was lost to hackers and scammers. However, internal security issues such as the Pump.fun exploit have been rare.

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
One subscription that gives you access to news from hundreds of sites
Already a member? Sign in here
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.