Former Employee Hacks Pump.fun, Steals $1.9 Million
Pump.fun, a token issuance platform on Solana, has identified a former employee as the perpetrator behind a recent cyberattack, resulting in a loss of $1.9 million. The project has announced a compensation plan for affected users.
Former Employee Hacks Pump.fun, Steals $1.9 Million
Pump.fun announced that a former employee was responsible for the attack on May 16, leading to the theft of approximately 12,300 SOL, equivalent to $1.9 million.
https://t.co/uE2QNKXkIT coin migration issue post-mortem
— pump.fun (@pumpdotfun) May 16, 2024
TL;DR:
1. the https://t.co/uE2QNKXkIT contracts are safe. they have always been safe
2. a former employee used their privileged position at the company to misappropriate ~12.3K SOL (~$1.9m)
3. https://t.co/uE2QNKXkIT is…
Pump.fun's announcement about the hack. Source: Pump.fun Twitter (05/16/2024)
At 10:21 PM on May 16 (Vietnam time), the former employee gained unauthorized access to pump.fun's withdrawal permissions. Using flash loans taken through marginfi, they bought memecoins on pump.fun until each token's bonding curve reached 100%, then withdrew the SOL from those liquidity pools to repay the flash loans and keep the difference.
By 2:00 AM on May 17 (Vietnam time), all transactions on pump.fun were halted. Only around $1.9 million of the $45 million in liquidity held in the contracts was affected.
Pump.fun quickly paused trading and upgraded its smart contract to prevent further damage. Per the latest announcement, the platform has resumed operations and is now secure.
To compensate affected users, pump.fun will replenish the liquidity pools (LP) for affected tokens with an amount equal to or greater than the lost liquidity within 24 hours. Additionally, the trading fee will be 0% for the next seven days.
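As an added illustration (not pump.fun's program or any code from the project), the toy model below shows why a single privileged withdrawal key was the root of the incident: the flash-loan flow described above drains a curve's reserve when the only check is the signer, and reverts once withdrawals are pinned to the designated migration destination. Pool sizes, key names and the "migration-program" destination are constructed assumptions.

```python
from dataclasses import dataclass, replace

# Constructed toy model of a bonding-curve launch pool (hypothetical, not pump.fun's).
@dataclass
class BondingCurvePool:
    target_reserve: float                 # curve counts as "100%" once this much SOL is in
    sol_reserve: float                    # SOL already deposited by ordinary buyers
    withdraw_authority: str = "ops-key"   # the privileged key the insider held
    allowed_destinations: frozenset = frozenset({"migration-program"})

    def is_complete(self) -> bool:
        return self.sol_reserve >= self.target_reserve

    def buy(self, sol_in: float) -> None:
        if self.is_complete():
            raise ValueError("curve already complete")
        self.sol_reserve += sol_in

    def withdraw(self, signer: str, to: str, enforce_destination: bool) -> float:
        """Move the whole reserve out. The hardening is the destination check:
        reserves may only leave toward the designated migration destination."""
        if signer != self.withdraw_authority:
            raise PermissionError("signer is not the withdraw authority")
        if not self.is_complete():
            raise ValueError("curve not complete")
        if enforce_destination and to not in self.allowed_destinations:
            raise PermissionError(f"withdrawal to {to!r} is not allowed")
        amount, self.sol_reserve = self.sol_reserve, 0.0
        return amount


def flash_loan_drain(pool: BondingCurvePool, enforce_destination: bool) -> dict:
    """One atomic transaction: borrow just enough SOL to push the curve to 100%,
    withdraw the reserve with the compromised key, repay the loan.
    If repayment is impossible the whole transaction reverts (flash-loan semantics)."""
    before = replace(pool)                       # snapshot for the revert case
    loan = pool.target_reserve - pool.sol_reserve
    pool.buy(loan)                               # borrowed SOL completes the curve
    try:
        pulled = pool.withdraw("ops-key", "insider-wallet", enforce_destination)
    except PermissionError:
        pool.sol_reserve = before.sol_reserve    # loan cannot be repaid: revert
        return {"net_gain": 0.0, "reserve_after": pool.sol_reserve, "reverted": True}
    # net gain is exactly the liquidity other users had deposited before the attack
    return {"net_gain": pulled - loan, "reserve_after": pool.sol_reserve, "reverted": False}
```

The net gain in the unguarded run equals the SOL that ordinary buyers had already put into the pool, which is why the loss fell on the liquidity pools rather than on the attacker's own capital.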
Hacker's Taunt and Further Claims
In response to pump.fun's announcement about the hack, the former employee — known on X as "STACCoverflow" — taunted the platform with a tweet saying "Welcome back."
STACCoverflow's tweet taunting pump.fun. Source: Twitter (05/16/2024)
Before the attack, STACCoverflow had posted a series of cryptic tweets targeting pump.fun's leadership.
And now; Magick: everybody be cool, this is a r o b b e r y. What it do, staccattack? I'm about to change the course of history. n then rot in jail. am I sane? nah. am I well? v much not. do I want for anything? my mom raised from the dead n barring that: /x
— 🔥🪂staccoverflow ; j'arrête ; (@STACCoverflow) May 16, 2024
STACCoverflow's cryptic tweets. Source: Twitter (05/16/2024)
According to STACCoverflow, pump.fun's leadership was indifferent to employees and maintained control over users' tokens on the platform. The attacker also accused the founders of pulling $2 million from the project's reserves — an amount nearly matching what was stolen.
12300 SOL so around 2M USD
— Code (@CodeXBT) May 16, 2024
STACCoverflow's accusation. Source: Twitter (05/16/2024)
The hacker claimed the stolen funds would be airdropped to holders of Slerf, stacc, risklol, and SAGA tokens. One user received an airdrop of 140 SOL to their Saga wallet, which the hacker retweeted.
The hack also fueled suspicions that pump.fun may be enabling scams for memecoin projects that execute rug pulls.
While some users condemned the hack, others voiced support for the attacker, framing them as a whistleblower exposing the project.
Support for STACCoverflow. Source: Twitter (05/17/2024)
The hacker also launched their own memecoin on Solana inspired by the attack, dubbed Flash Stacc Attack (FSA). The token currently has a market cap of around $240,000 with a trading volume of $1.8 million.
15-minute chart of the FSA/SOL pair. Source: DEX Screener (05/17/2024, 4:00 PM)
This incident underscores the security vulnerabilities inherent in decentralized platforms and the real risk of insider threats, highlighting the urgent need for stronger security measures and transparent governance.