Pump.fun, a platform based on Solana, reported a loss of approximately $2M due to a flash loan attack. The hacker exploited Pump.fun’s bonding curve contracts by leveraging flash loans, which allow borrowing large sums of money without collateral as long as the loan is repaid within a single transaction.
A crucial factor in the exploit was the apparent compromise of the private key associated with Pump.fun’s service account, 5PXxuZ. This account typically handles the movement of liquidity from the bonding curve to Raydium, a decentralized exchange on Solana.
The service account 5PXxuZ works by withdrawing liquidity from the bonding curve and depositing it into Raydium. That was not the case during the hack: 5PXxuZ withdrew liquidity from the curve and returned enough SOL to the hackers to repay the flash loan. Rather than adding liquidity to Raydium as expected, it and donation to a random account
The team later announced to the public that they had ceased all trading activities, and that any coins that were in the process of moving to Raydium would be on hold for some time.