Pump.fun, a platform specializing in launching and promoting memes, lost nearly $2 million in SOL. The hacker turned out to be a modern-day Robin Hood: he didn’t just steal the funds; he randomly distributed them to meme coin holders on Solana.
STACCoverflow, the altruistic hacker behind the recent $2 million SOL giveaway, revealed his motives, citing profound grief after his mother’s death. He stated that he is ready “to change the course of history” and then “rot in jail.” He also hinted that he might force Solana to fork.
Hacker expresses no regret over his actions. Source: X
The community quickly speculated that STACCoverflow might be a developer at Pump.fun who exploited a leaked private key for the attack. Most commenters expressed admiration for his actions, condolences for his loss, or gratitude for the unexpected windfall.
Some users received substantial amounts. Source: X
Inspired by the hacker's generosity, a Pump.fun hater known as BunkerFuts launched his own meme coin, BunkerFuts. According to Dexscreener.com, the token's value skyrocketed 20-fold within a few hours before inevitably crashing to near zero.
X users show support for the hacker. Source: X
Sounds familiar, doesn’t it? Nowadays, almost any trending event can spark the creation of a new meme coin, as people try to cash in on the buzz.
Pump.fun’s developers quickly announced that they are working to fix the vulnerability.
Platform developers are addressing the vulnerability issue. Source: Х
The Pump.fun Hack Scheme
STACCoverflow used the crypto lending platform MarginFi to carry out a flash loan attack on Pump.fun. He requested loans from all available pools on the platform, except those created using the Raydium protocol, to which he had no access. The SOL tokens in these pools were then withdrawn and randomly distributed to various wallets. As a result, Pump.fun users received between 1 and 1,000 SOL.
The platform representatives confirmed that the total loss was 12,300 SOL ($1.9 million). They also acknowledged that STACCoverflow was a former employee who used his position to gain unauthorized access to the funds.
The Pump.fun team issued an official statement saying that the compromised contract has been updated to prevent further theft. All transactions on the platform are currently suspended until the security issue is resolved.
At the moment, it is not possible to buy or sell tokens on Pump.fun.
The project representatives assure users that the protocol's contracts are secure and promise to offer commission-free trading for seven days as compensation.
Well, that's what sometimes happens: you create decentralized blockchains and protocols on smart contracts, and then a former employee with access codes brings everything crashing down.