Solana Meme Coin Platform Pump.Fun Hit by Critical ‘Bonding Curve’ Exploit
Chaos erupted on the Solana blockchain’s meme coin platform Pump.Fun on Thursday, following an exploit that undermined the core technology responsible for issuing joke cryptocurrencies.
“We are aware that the bonding curve contracts have been compromised and are investigating the matter,” the project announced on their Twitter account just two hours into the fray. “We’ve paused trading – you cannot buy or sell any coins at the moment.”
07:59
The Evolution of Memes Beyond Internet Jokes
17:04
Investing in Memes: From GameStop to AMC, is Wall Street Still Winning?
04:51
Internet Hit ‘Tungsten Cube’ NFT Now Up for Auction on OpenSea
12:35
Meme Culture Propelling the Growth of ‘Memecoins’ in Asia
As noted by Pump.Fun, trading has been temporarily halted, but before the notification, users were left to speculate about the ongoing issues on the platform.
Details of the exploit were still emerging at the time of publication.
Sources involved in the initial stages of the investigation disclosed that the exploiter employed a combination of trading strategies to disrupt Pump.Fun and seemingly dominate the market for numerous meme coins. Interestingly, blockchain data indicates that the attacker did not amass a significant profit. These sources requested anonymity due to the preliminary nature of the investigation.
Pump.Fun, established a few months ago, is a niche platform for the creation and trading of meme coins on the Solana blockchain. It positions itself as a “fair launch” platform where investors can purchase joke tokens at their inception. While some coins achieve significant success for their investors, most fail before reaching a pivotal market cap of $69,000, at which point the tokens are widely circulated.
The exploit targeted the smart contracts on Pump.Fun responsible for issuing meme coins, as explained by insiders. The attacker manipulated the bonding curve by utilizing phantom SOL tokens obtained and repaid through a “flash loan.” This maneuver filled the bonding curves with non-existent SOL, making the tokens appear valuable without genuine buy-side interest.
On-chain investigators estimate the attacker caused losses amounting to $300,000 in SOL tokens. Instead of escaping with the funds, the attacker repaid the flash loans and distributed airdrop funds to other users, according to the sources.
