jakiro
Source: Cointelegraph, Twitter @Pumpdotfun; Compilation: Deng Tong, Bit Chain Vision
Solana Memecoin’s creation tool Pump.fun claimed that a former employee attacked nearly $ 2 million from the company through the “Bonding Curve” attack.
Pump.fun claims in a post on May 16th thatThe former employee used his “privilege status” to obtain “withdrawal authority” and destroyed the internal system of the agreement.
About US $ 1.9 million was stolen in Pump.fun’s Bonding Curve contract.
The platform temporarily suspended transactions, but it has returned to normal operation.
Pump.fun said that the pump.fun smart contract is “safe”, and users affected by the incident will get the “100% liquidity” that have been owned in the next 24 hours.
Pump.fun posts in social media as follows:
1. Pump.fun contract is safe and always safe.
2. A former employee uses his privilege position in the company to misappropriate about 12,300 SOL (about 1.9 million US dollars).
3. Pump.fun is launched again.You can issue new tokens between the UTC time 15: 21-17: 00 and trades any tokens with no 100%.
4. In order to ensure that the user’s liquidity is complete, any tokens that reach 100% between 15: 21-17: 00 UTC will be launched on Raydium, and within the next 24 hours & gt;Lobricity.
5. In the next 7 days, the transaction fee will be 0%.
The following is a detailed summary of the incident:
At 15:21, a former employee uses him to illegally obtain the withdrawal of the withdrawal of withdrawal in the company and use the Lightning loan on the Solana lending agreement:
1. Borrow SOL;
2. Use this solid to buy as many tokens as possible so that these tokens can reach 100%on their respective Bonding Curves;
3. Once these tokens reach 100%, you can get Bonding Curves liquidity;
4. Repay the lightning loan.
As of UTC 17: 00, all transactions on http://pump.fun have stopped.Among the $ 45 million liquidity in the Bonding Curves contract, only about 1.9 million US dollars were affected.
Next step
-
The Pump.fun team has re -deployed the contract.The transaction will be launched again, and the transaction fee will be 0%in the next 7 days.You can create tokens safely and buy them;
-
The tokens reaching 100% between the World Standard time 15: 21-17: 00 are in an uncertain state, which means that no one can trade them before the deployment of LP on Raydium;
-
In order to use the household complete, the Pump.fun team will plant LP for each affected token in the next 24 hours. The fluidity of SOL is equal to or greater than the liquidity of the token at UTC 15:21.
Please wait patiently. Our goal is to restore these tokens transactions in a safe and structured manner.
We have been working with some of the most respected security personnel in this field, not only to minimize the impact of this situation, but also ensure that this will never happen in the future.
Thanks to all those who extend their hands, and the best communities in the field to trust us.
Solana’s alcohol coins are back, and they are stronger than ever.
Before pump.fun post,Igamberdiev, the director of the cryptocurrency as a city merchant Wintermute, claimed that the hacking attack was derived from the internal private key. He suspected that it was caused by the X user “STACCOVERFLOW”.
In a series of mysterious X posts,Stacoverflow claims that they are “the process of changing the history soon. N [Original] and then rot in prison.” They added in another post, “Don’t care, I have been searched by human meat.”
In the previous X post, Pump.fun said it had been working with law enforcement.The company did not disclose the name of the former employee or immediately responded to the comments request.
