Pump.fun platform on Solana faces potential exploit
Ongoing investigations reveal that Solana-based platform Pump.fun, which facilitates token launches, has reportedly been exploited through flash loans to manipulate its bonding curve.
The Gotbit Hedge Fund flagged concerns on social media, stating, “Pumpfun might be under attack. This wallet: [Solscan link] is buying all tokens on Pumpfun within minutes to fill bonding curve to 100%. Raydium listing stuck.”
The exploit was detailed by a user known as SOLCircle on social media platform X. The exploiter, identified by the pseudonym Stacc, reportedly employed a crypto loan service to borrow sufficient Solana (SOL) tokens. These tokens were then used to purchase Pump.fun’s meme coins without actually paying, due to the nature of the transaction which allows the tokens to be kept even when the loan terms are not met.
SOLCircle described the situation, stating, “What I’ve been able to figure out is that only one project has gone to Raydium so far and his bag is currently worth approximately 1,000 SOL ($157,000) which he hasn’t sold any yet.”
Exploiter’s admission
The user Stacc has claimed responsibility for the incident in a social media post. He cited personal grievances, including the loss of his mother, as part of his motive behind the exploit. Experts are concerned about the potential impact of this exploit on the meme coin ecosystem within Solana, especially since Pump.fun is considered a significant entity in this market.
“And so this wee lil script is sending the remaining balances of bonding curves via pRNG to 1. slerf holders 2. stacc holders 3. saga holders 4. risklol holders. This ~80m airdrop may cause a solana fork n it may cause an awful lot of sourpuss rich kids everywhere but it certainly stops the evil here,” Stacc notes, explaining that the funds from the exploit will be rewarded to select token and NFT holders in the Solana community.
The situation remains under close observation, with the crypto community and Pump.fun’s team addressing the implications of this exploit.