DeSci game Pump Science exploited after making private key public

, ,
by Protos Staff

Pump Science, a so-called “DeSci” game that utilizes memecoin platform Pump Fun, has reportedly had its crypto wallet hijacked and used to create fraudulent tokens, after its private key was left public in the codebase.

Pump Science calls itself a “gamified longevity research platform.” The project, which is pushed by memecoin influencers who are trying to promote decentralized science as the next big thing, creates tokens based on various chemicals and claims to utilize data from real animal experiments.

It says that it will explore human trials once the current animal trials are over. It also claims that token holders will be able to sell “intervention” rights to chemical suppliers and will possess the rights to “compound IP” and its development.

The project’s wallet was exploited when developers left its private key in the codebase after a discrepancy with Pump Fun’s free token creation feature. It also encountered issues with launching and buying the first tokens. 

An attacker duly found the key and has been creating tokens using the wallet in an attempt to exploit newcomers to the game. 

The price action of the most recent fraudulent token that was created 11 hours ago.

Read more: Pump Fun livestreams spark backlash from disgusted traders

Pump Science claims that the only two legitimate tokens from that wallet are the two-month-old Urolithin A ($URO) and Rifampicin ($RIF). The rest, including Cocaine ($COKE) and Urolithin B, C, D, and E, are fraudulent. 

Pump Science is burying negative comments

Pump Science appears bothered by the reception to the hack, and is hiding comments from multiple users calling the project a scam and venting their frustration at the wallet exploit.

Users have called them “idiot grifters,” “a child,” and said, “If you carry your ‘investigations’ or ‘experiments’ in the same way you carry yourself in this matter, this so-called ‘Scify’ is doomed.”

The chemical tokens utilize a gif of their chemical structure. One of these fake tokens made it to a market cap of $45,600.

Read more: Shock! Two thirds of memecoins now ‘worthless’ says new research

Pump Science stated that it cannot change the compromised wallet address from the Pump Fun account. It’s changed the name of the Pump Fun profile to “@dont_trust” but it appears the hacker may be able to change it back tomorrow. 

As of yesterday evening, Pump Science warned that the attacker was still creating coins and stressed, “THESE TOKENS ARE FRAUDULENT.”

Got a tip? Send us an email or ProtonMail. For more informed news, follow us on XInstagramBluesky, and Google News, or subscribe to our YouTube channel.