Pump.fun exploiter doxxed himself then took credit with bizarre tweets
Pump.fun, a Solana-based platform that promises you can ‘launch a coin that is instantly tradeable’ was exploited for approximately $2 million worth of Solana by a hacker who seemed to subsequently promise to distribute the exploited funds to other Solana users.
According to pump.fun, “the TVL in the protocol right now is safe” and “if you have ever connected your wallet to http://pump.fun, your wallet is safe.”
An X (formerly Twitter) user with the username STACCoverflow, who has previously posted images suggesting their name is Jarett Reginald S Dunn, appears to have taken credit for the exploit in a series of unusual posts.
In this series of tweets, he claims that the exploited funds will end up being distributed to people who hold other tokens.
Various users on X have claimed to receive distributions but it’s not clear what criteria are being used to distribute the tokens.
The exploit took advantage of flash loans to quickly overwhelm certain bonding curves on the platform.
Read more: US indicts Ethereum validators for exploiting MEV trader
A review of the pump.fun website doesn’t appear to include security audits for the contracts that were exploited or the contracts that were deployed to replace them.
Got a tip? Send us an email or ProtonMail. For more informed news, follow us on X, Bluesky, and Google News, or subscribe to our YouTube channel.