Pump.fun Stolen $1.9 Million, Is the Solana Meme Season Over?

On May 17, according to community feedback, pump.fun was suspected of being attacked, and the attacker could participate in the meme coins released by the platform indefinitely through the loophole. As of press time, Phantom Wallet has temporarily blocked the pump.fun project website. Subsequently, Pump.fun stated in a post by X that the team was aware that the contract had been leaked and was investigating.

On May 17, pump.fun released the latest progress of the incident, stating that its contract was safe and that the attack was caused by a former employee who used his privileged position in the company to embezzle about 12,300 SOL (about 1.9 million US dollars). At present, the pump.fun team has redeployed the contract and will resume trading in the next 7 days. To compensate users, the pump.fun team will inject SOL liquidity greater than or equal to that token for each affected token after 15:21 UTC within the next 24 hours.

Or was it an insider who committed the crime just because he was "discovered for dating"?

Wintermute research director Lgor Lamberdiev posted that pump.fun was attacked due to suspected private key leakage, and the attacker stole a total of 2,000 SOL and a large number of MEME coins.

Lamberdiev explained that 5PXxuZ is Pump's service account, which is mainly used to transfer liquidity from the pump.fun joint curve to Raydium. The process is usually that someone needs to make the last trade and add enough liquidity to deploy the Raydium pool, and then 5PXxuZ withdraws all liquidity from the curve and adds it to Raydium.

Normal pump.fun liquidity transfer process, image source from Lamberdiev

In this attack, the process changed to a trader opening a flash loan of 129 SOL to buy meme tokens, so that 5PXxuZ can extract liquidity from the joint curve and then repay the flash loan, but a liquidity pool cannot be created on Raydium.

The transaction process of pump.fun after the attack, the source is from Lamberdiev

Interestingly, 5PXxuZ is the co-signer of all attack transactions, so Lamberdiev believes that although there is a possibility of insider crime, this at least shows that the team's private key has been leaked.

5PXxuZ is the joint signer of the attack transaction, the source is from Lamberdiev

The attacker behind this incident also seems to be very high-profile. The user with the username @STACCoverflow tweeted on X that he was "about to change the course of history." In addition, he hinted in the tweet that he did not intend to keep the stolen funds, but planned to transfer the remaining balance of the joint curve to some token users.

There is also X user @gucciprayers who said that the incident was caused by two pump.fun developers falling in love. After being discovered by the founder, they "threatened to reveal their secrets by posting memes", causing one of them to panic and hack into the platform to prevent the meme from being deployed. Of course, the authenticity of this statement has not been confirmed.

pump.fun has made a lot of money

As a platform dedicated to meme speculation, Pump.fun was originally launched for Solana. On this platform, people can deploy tokens at a cost price of less than $2. At present, Pump.fun may already be the Memecoin platform with the largest traffic on the Solana ecosystem, and has added support for Ethereum L2 Blast.

Related reading: " God disks are frequently released, what is the origin of Solana's largest Meme launch platform Pump.fun? "

Due to the extremely low cost of launching a Meme, a large number of new trading pairs are listed on decentralized exchanges every day, making it a fast-paced field. But because of this, the average lifespan of most Meme projects is often 24 hours or even shorter, mainly because bad actors try to take advantage of this craze and deceive ambitious and unsuspecting investors through carefully planned scams and marketing.

According to dune data, pump.fun's total protocol revenue has reached 147,661SOL, about 21.58 million US dollars. As a project launched in January this year, pump.fun's cash flow income is undoubtedly very high.

Image source from https://dune.com/hashed_official/pumpdotfun

Is Solana's dog season over?

After pump.fun was stolen, the community discussed a lot about this meme-issued product, and many users said that they "rarely make money on the platform." X user @YeruiZhang said that the emergence of pump.fun is "an end of Sol's dog season, giving people the feeling of Blur to ETH NFT", and this view has aroused heated discussion in the community.

@YeruiZhang believes that pump.fun has reduced the tradable range of memes on Solana from millions or even tens of millions of dollars to hundreds of thousands of dollars. Although there are a few successful cases, the emergence of pump.fun has lowered the starting point of meme coin speculation and increased the difficulty of early control. In addition, the emergence of a large number of meme coins with the same name will also make users consume their emotions of "taking over" after buying the wrong meme.

@tradergirlsuki does not think this is the end of meme coins, and said that there will be new, high-quality coin issuance mechanisms and on-chain issuance of other types of assets.

@tradergirlsuki believes that early control is important for the start of meme, and it is difficult to start without chips in hand. Since pump.fun makes it difficult for retail investors to make money, the market will naturally look for new ways. "Going after the earth dog and looking for alpha is an eternal proposition."

Currently, the pump.fun team has redeployed the contract and trading will resume in the next 7 days. To compensate users, the pump.fun team will inject SOL liquidity greater than or equal to that token for each affected token after 15:21 UTC time within the next 24 hours. Will Solana's meme season carnival end here? Will there be new "pump.fun" replacements in the ecosystem? It is worth our continued attention.

欢迎加入律动 BlockBeats 官方社群：

Telegram 订阅群： https://t.me/theblockbeats

Telegram 交流群： https://t.me/BlockBeats_App

Twitter 官方账号： https://twitter.com/BlockBeatsAsia