Author: 0xFacai, BlockBeats
On May 17th, according to community feedback, pump.fun was suspected to have been attacked, allowing the attacker to participate infinitely in the meme coins released on the platform through a vulnerability. As of the time of writing, the Phantom wallet has temporarily blocked the pump.fun project website. Subsequently, in a post on X, Pump.fun stated that the team was aware that the contract had been leaked and was conducting an investigation.
On May 17th, pump.fun released the latest developments, stating that its contract was secure, and the attack was carried out by a former employee who used their privileged position within the company to embezzle approximately 12,300 SOL (about 1.9 million USD). Currently, the pump.fun team has redeployed the contract, and trading will resume within the next 7 days. To compensate users, the pump.fun team will inject SOL liquidity greater than or equal to the affected token for each token after UTC time 15:21 within the next 24 hours.
Could it be an inside job, just because "a love affair was discovered"?
Wintermute's research director, Igor Lamberdiev, posted that pump.fun was suspected to have been attacked due to a private key leak, with the attacker stealing a total of 2000 SOL and a large amount of MEME coins.
Lamberdiev explained that 5PXxuZ is Pump's service account, mainly used to transfer liquidity from pump.fun's joint curve to Raydium. The usual process involves someone making the final transaction and adding enough liquidity to deploy the Raydium pool, after which 5PXxuZ withdraws all liquidity from the curve and adds it to Raydium.
Normal pump.fun liquidity transfer process, image source: Lamberdiev
However, in this attack, the process involved a trader opening a flash loan of 129 SOL to purchase meme tokens, allowing 5PXxuZ to extract liquidity from the joint curve, then repaying the flash loan, but unable to create liquidity pools on Raydium.
Trading process after pump.fun was attacked, image source: Lamberdiev
Interestingly, 5PXxuZ was the joint signatory for all the attack transactions, leading Lamberdiev to believe that while it is possible that an inside job occurred, it at least indicates that the team's private key has been leaked.
5PXxuZ is the joint signatory for the attack transactions, image source: Lamberdiev
The mastermind behind this attack also seems to be very high-profile, with X username @STACCoverflow stating in a tweet on X that they are "about to change the course of history." Additionally, in the tweet, they hinted that they do not intend to keep the stolen funds and plan to transfer the remaining balance of the joint curve to some token users.
Another X user, @gucciprayers, suggested that this incident occurred because two developers at pump.fun fell in love, and when the founder discovered this, one of them "threatened to reveal their secret in the form of a meme," causing one of them to panic and invade the platform to prevent the meme from being deployed. Of course, the veracity of this claim has yet to be confirmed.
pump.fun has been making a fortune for a long time
As a platform specifically for trading memes, Pump.fun was initially launched for Solana. On this platform, people can deploy tokens at a cost of less than $2. Currently, Pump.fun may already be the largest Memecoin platform in the Solana ecosystem and has added support for Ethereum L2 Blast.
Due to the extremely low cost of launching memes, a large number of new trading pairs are listed on decentralized exchanges every day, making it a fast-paced field. However, as a result, the average lifespan of most meme projects is often only 24 hours or even shorter, mainly because bad actors attempt to take advantage of this frenzy to deceive ambitious and unsuspecting investors through carefully planned scams and marketing.
According to Dune data, pump.fun's total protocol revenue has reached 147,661 SOL, approximately 21.58 million USD. As a project launched in January of this year, pump.fun's cash flow income is undoubtedly very high.
Image source: https://dune.com/hashed_official/pumpdotfun
Has the season of Solana meme coins come to an end?
After the theft of pump.fun, there has been much discussion in the community about this meme issuance product, with many users stating that they "rarely make money on the platform." X user @YeruiZhang stated that the appearance of pump.fun is "a turning point for the Solana meme season, giving the feeling of being to ETH NFT what Blur is to ETH," a viewpoint that has sparked heated discussion in the community.
@YeruiZhang believes that pump.fun has reduced the tradable range of memes on Solana from the million or even tens of millions of dollars level to the tens of thousands of dollars level. Although there are a few successful cases, the emergence of pump.fun has made the starting point for meme coin speculation lower, increasing the difficulty of early control. Additionally, the appearance of a large number of similarly named meme coins will also lead users to consume emotions in "taking over" after buying the wrong meme.
On the other hand, @tradergirlsuki does not believe that this is the end of meme coins and stated that there will be new, high-quality coin issuance mechanisms and on-chain issuance of other asset categories in the future.
@tradergirlsuki believes that early control is very important for the start of memes, and it is difficult to start without chips in hand. If retail investors find it difficult to make money with pump.fun, the market will naturally look for new ways, "rushing to Solana, finding alpha is an eternal proposition."
Currently, the pump.fun team has redeployed the contract, and trading will resume within the next 7 days. To compensate users, the pump.fun team will inject SOL liquidity greater than or equal to the affected token for each token after UTC time 15:21 within the next 24 hours. Will the meme season of Solana's ecosystem come to an end? Will there be new "pump.fun" replacements within the ecosystem? These are worth our continued attention.
免责声明:本文章仅代表作者个人观点,不代表本平台的立场和观点。本文章仅供信息分享,不构成对任何人的任何投资建议。用户与作者之间的任何争议,与本平台无关。如网页中刊载的文章或图片涉及侵权,请提供相关的权利证明和身份证明发送邮件到support@aicoin.com,本平台相关工作人员将会进行核查。
