VERDICT —UNRATED
Verdict pending. Auto-ingested incidents are reviewed before a public verdict is rendered.
Root cause
Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.
Forensic narrative
pump.fun is a Solana-based memecoin generator. On May 16th, the project suffered a $1.9 million exploit by an attacker who then began airdropping the money to somewhat random wallets. pump.fun stated on Twitter that the attack was due to a former employee exploiting their privileges within the company to illegally obtain withdrawal permissions and using a lending protocol to carry out flash loan attacks. Attack method (per SlowMist): Flash Loan Attack. Reported loss: $ 1,900,000.
Primary source
https://x.com/pumpdotfun/status/1791235050643636303 ↗Sourced from
slowmist
Technical record
- chain
- solana
- protocol
- pump.fun
- bug_class
- flashloan
- date_occurred
- 2024-05-16
- loss_usd
- $1,900,000
- source_id
- sm:pump-fun::2024-05-16
Related — same bug class· flashloan