QI Quadriga Initiative

May 2024 - Pump.Fun Insider Flash Loan Exploit - $1.9m (Global)

"pump.fun is a Solana-based memecoin generator."

"Pump prevents rugs by making sure that all created tokens are safe. Each coin on pump is a fair-launch with no presale and no team allocation.
step 1: pick a coin that you like
step 2: buy the coin on the bonding curve
step 3: sell at any time to lock in your profits or losses
step 4: when enough people buy on the bonding curve it reaches a market cap of $69k
step 5: $12k of liquidity is then deposited in raydium and burned"

"Flash Loan Acquisition: The attacker initiated a 129 SOL flash loan, a temporary borrowing mechanism with the requirement of repayment within the same transaction."

"The attacker used the borrowed SOL to purchase tokens, potentially creating an opportunity for 5PXxuZ to withdraw liquidity from the curve."

"Crucially, 5PXxuZ itself initiated the withdrawal of all liquidity from the bonding curve, a clear departure from its standard behavior."

"The attacker then returned enough SOL to the platform to repay the flash loan. However, instead of creating a Raydium pool as expected, 5PXxuZ transferred the remaining SOL to a random account."

"5PXxuZ withdrawing liquidity and failing to create a Raydium pool directly contradicts its programmed behavior."

"Interestingly, 5PXxuZ acted as a cosigner for all the attacker's transactions. This implies the attacker had the ability to initiate actions using the compromised private key."

"While the possibility of an inside job cannot be entirely ruled out, the evidence heavily favors a scenario where the private key for 5PXxuZ was compromised, allowing the attacker to manipulate the platform for their gain."
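The quoted analysis turns on one invariant: liquidity should leave a bonding curve only when the curve has completed, and only into the Raydium pool, never to an arbitrary account chosen by whoever holds the platform key. The following is an added example written for this page, not pump.fun's program: a small Rust model of the launch steps quoted above, replayed under two policies. All names (`Curve`, `Policy`, `Action`, `authority`, `raydium_pool`) and the SOL amounts are hypothetical, constructed to mirror the described sequence (flash-loan-funded buy, then an authority-signed withdrawal to a random account).

```rust
// Added example, not pump.fun's code. Models a bonding-curve launch and the
// check that distinguishes a legitimate graduation from the incident sequence.

#[derive(Debug, Clone, PartialEq)]
pub enum Action {
    Buy { sol: u64 },
    Sell { sol: u64 },
    // Move all curve liquidity, signed by `signer`, paid to `dest`.
    Withdraw { signer: &'static str, dest: &'static str },
}

#[derive(Debug, PartialEq)]
pub enum Outcome {
    Ok,
    Rejected(&'static str),
}

#[derive(Debug, Clone, Copy, PartialEq)]
pub enum Policy {
    // A signature by the platform authority alone moves liquidity anywhere.
    AuthorityOnly,
    // Liquidity moves only once the curve is complete and only into the pool.
    CompleteAndPoolOnly,
}

pub struct Curve {
    pub authority: &'static str, // hypothetical platform key
    pub pool: &'static str,      // the only legitimate destination
    pub target_sol: u64,         // curve is "100%" once reserves reach this
    pub reserves: u64,
    pub policy: Policy,
}

impl Curve {
    pub fn complete(&self) -> bool {
        self.reserves >= self.target_sol
    }

    pub fn apply(&mut self, a: &Action) -> Outcome {
        match a {
            Action::Buy { sol } => {
                self.reserves += sol;
                Outcome::Ok
            }
            Action::Sell { sol } => {
                if *sol > self.reserves {
                    return Outcome::Rejected("insufficient reserves");
                }
                self.reserves -= sol;
                Outcome::Ok
            }
            Action::Withdraw { signer, dest } => {
                if *signer != self.authority {
                    return Outcome::Rejected("unauthorized signer");
                }
                if self.policy == Policy::CompleteAndPoolOnly {
                    if !self.complete() {
                        return Outcome::Rejected("curve not complete");
                    }
                    if *dest != self.pool {
                        return Outcome::Rejected("destination is not the pool");
                    }
                }
                self.reserves = 0;
                Outcome::Ok
            }
        }
    }
}

/// Replays a sequence from a curve that is 900/1000 SOL towards completion
/// (constructed numbers) and returns (reserves left, first rejection reason).
pub fn run(policy: Policy, seq: &[Action]) -> (u64, Option<&'static str>) {
    let mut c = Curve { authority: "authority", pool: "raydium_pool", target_sol: 1_000, reserves: 900, policy };
    for a in seq {
        if let Outcome::Rejected(why) = c.apply(a) {
            return (c.reserves, Some(why));
        }
    }
    (c.reserves, None)
}

/// The described sequence: a 129 SOL buy pushes the curve over 100%, then the
/// authority key drains it to an arbitrary account instead of the pool.
pub fn incident_sequence() -> Vec<Action> {
    vec![Action::Buy { sol: 129 }, Action::Withdraw { signer: "authority", dest: "random_account" }]
}

/// A legitimate graduation: same buy, liquidity goes to the pool.
pub fn launch_sequence() -> Vec<Action> {
    vec![Action::Buy { sol: 129 }, Action::Withdraw { signer: "authority", dest: "raydium_pool" }]
}

fn main() {
    println!("authority-only, incident: {:?}", run(Policy::AuthorityOnly, &incident_sequence()));
    println!("hardened, incident:       {:?}", run(Policy::CompleteAndPoolOnly, &incident_sequence()));
    println!("hardened, launch:         {:?}", run(Policy::CompleteAndPoolOnly, &launch_sequence()));
}
```

Under `AuthorityOnly` the compromised key is sufficient: the incident sequence drains the curve with no rejection, which is the behaviour the analysis describes. Under `CompleteAndPoolOnly` the completeness check alone does not help, because the flash-loan-funded buy has already pushed the curve past 100%; what stops the drain is binding the withdrawal's destination to the pool, so the key holder cannot redirect funds even with a valid signature.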

"1. the http://pump.fun contracts are safe. they have always been safe
2. a former employee used their privileged position at the company to misappropriate ~12.3K SOL (~$1.9m)"

jWbhFY2pQ6r3FxRSFHgx7cGsp58J8B1Zb7ABf7xvgUjWyL5eCZKYSpvtnoKksW7p4m8p8NASD25sXhQ81hYdHHM

"3. http://pump.fun is back live. you can launch new coins and trade any coin that did not reach 100% between 15:21-17:00 UTC
4. to make users whole, any coin that reached 100% between 15:21-17:00 UTC will go live on raydium with >= 100% of the liquidity that it previously had within the next 24 hours
5. trading fees are now 0% for the next 7 days"

Further Analysis

Sources/Further Reading

SlowMist Hacked - SlowMist Zone (Dec 31)
Pump (Dec 31)
Pump (Dec 31)
PUMP.FUN Hack explained: Build your own Safer Pump.fun Clone | by Akash Kumar Jha | May, 2024 | Medium (Dec 31)
@pumpdotfun Twitter (Dec 31)
https://explorer.solana.com/tx/jWbhFY2pQ6r3FxRSFHgx7cGsp58J8B1Zb7ABf7xvgUjWyL5eCZKYSpvtnoKksW7p4m8p8NASD25sXhQ81hYdHHM (Dec 31)

