Attacker Abuses Flashloans to Exploit Pump.Fun – The Defiant

The Solana-based memecoin platform has become a favored venue for token launches in recent weeks.

Solana-based memecoin launchpad Pump.Fun has been exploited. The attacker appears to be a former employee of Pump.Fun, and has publicly claimed responsibility.

By utilizing flashloans en masse, the hacker is filling bonding curves for new tokens on Pump.Fun, and then repaying the loans before the token can be launched on the Raydium decentralized exchange.

In response to the attack, Pump.Fun has paused trading on its site, and has upgraded its contracts to disable the hacker’s method for siphoning funds. The team has also reiterated that any bonding curve contracts with locked LPs on Raydium are secure and that all wallets connected to Pump.Fun remain safe.

A flashloan is an unsecured, instant loan in DeFi that must be borrowed and repaid within a single block, typically used for arbitrage, collateral swaps, or liquidations.

The hacker’s script then allegedly sends the remaining balances to Solana token communities, particularly $SLERF, $STACC, $SAGA, and $RISKLOL holders.

Tweet from the attacker

The exact details of the hack and resulting losses are currently unclear. It appears that the tokens purchased by the hacker may be worthless without a real liquidity pool to back them up, and user funds used to deploy tokens may be lost.

Source link

Leave a Comment