Pump.fun has assured its users that its smart contracts are secure, and those affected by the incident will receive "100% of the liquidity" that was previously available within the next 24 hours.
The Solana memecoin creation tool has recently disclosed that a former employee exploited the company through a "bonding curve" attack, resulting in a loss of nearly $2 million.
According to pump.fun, the former employee used their privileged position to gain access to a withdraw authority and compromise the protocol's internal systems.
This unauthorized action led to the theft of $1.9 million from the total $45 million held in pump.fun's bonding curve contracts.
Although trading on the platform was temporarily halted, it has since resumed.
Pump.fun has emphasized the safety of its smart contracts and reassured impacted users that they will be fully compensated for their losses within the next 24 hours.
Before pump.fun made its statement, Igor Igamberdiev, the head of research at cryptocurrency market maker Wintermute, suggested that the hack occurred due to an internal private key leak, possibly connected to a user named "STACCoverflow."
STACCoverflow, in a series of cryptic posts, claimed to be on the verge of making a significant impact and then facing legal consequences.
Pump.fun has stated that it is cooperating with law enforcement agencies in relation to the incident.
The alleged exploiter used flash loans on the Solana lending protocol Raydium to borrow SOL tokens, which were then used to purchase as many coins as possible.
By reaching 100% on the bonding curves, the exploiter gained access to the bonding curve liquidity and repaid the flash loans.
The attack occurred between 3:21 pm and 5:00 pm UTC on May 16, resulting in the theft of approximately 12,300 SOL tokens, equivalent to $1.9 million.
Pump.fun has assured users impacted during this timeframe that they will recover 100% or more of the liquidity they held prior to the attack.