Pump.fun exploiter doxxed himself then took credit with bizarre tweets

10:08 AM • May 17, 2024

Pump.fun, a Solana-based platform that promises you can ‘launch a coin that is instantly tradeable’ was exploited for approximately $2 million worth of Solana by a hacker who seemed to subsequently promise to distribute the exploited funds to other Solana users.

According to pump.fun, “the TVL in the protocol right now is safe” and “if you have ever connected your wallet to http://pump.fun, your wallet is safe.”

An X (formerly Twitter) user with the username STACCoverflow, who has previously posted images suggesting their name is Jarett Reginald S Dunn, appears to have taken credit for the exploit in a series of unusual posts.

And now; Magick: everybody be cool, this is a r o b b e r y. What it do, staccattack? I'm about to change the course of history. n then rot in jail. am I sane? nah. am I well? v much not. do I want for anything? my mom raised from the dead n barring that: /x
— 🔥🪂staccoverflow ; j'arrête ; (@STACCoverflow) May 16, 2024

In this series of tweets, he claims that the exploited funds will end up being distributed to people who hold other tokens.

Various users on X have claimed to receive distributions but it’s not clear what criteria are being used to distribute the tokens.

The exploit took advantage of flash loans to quickly overwhelm certain bonding curves on the platform.

1. slerf holders 2. stacc holders 3. saga holders 4. risklol holders. This ~80m airdrop may cause a solana fork n it may cause an awful lot of sourpuss rich kids everywhere but it certainly stops the evil here. Probably shoulda went for the bonuses, eh? /x
— 🔥🪂staccoverflow ; j'arrête ; (@STACCoverflow) May 16, 2024

A review of the pump.fun website doesn’t appear to include security audits for the contracts that were exploited or the contracts that were deployed to replace them.

Got a tip? Send us an email or ProtonMail. For more informed news, follow us on X, Bluesky, and Google News, or subscribe to our YouTube channel.