Crypto Post-Mortem: Here’s How Pump.Fun Was Exploited For $2 Million

Solana-based platform Pump.fun suffered an exploit that left the crypto community with many questions. The attack stole millions of dollars in users’ funds, but the reasons behind it and the exact amount of the loot were unclear. Amid the uncertainty, some claimed that a crypto Robin Hood had emerged.

$80 Million Taken In Crypto Heist?

On Thursday, Pump.fun announced that its bonding curve contracts had been compromised. In the post, the team alerted users that all trading was temporarily halted while it investigated the incident.

Pump.fun is a trading platform created to “prevent rugs” by ensuring that all created crypto tokens are safe. The platform allows users to easily launch instantly tradeable tokens with no presale and no team allocation.

This solution became an extremely popular alternative among influencers and users who wanted to create tokens without the complexity or high costs of launching a project.

It uses bonding curve contracts for the tokens, a mathematical model that determines a token’s price based on supply, increasing with the number of tokens bought. After the token’s market capitalization reaches $69,000, part of the liquidity is deposited on Raydium to be burned.

Since the attack, the team has assured users that the contracts have been upgraded to prevent further fund loss, adding that the protocol’s total value locked (TVL) is safe.

However, the community’s reports were contradictory and alarming. Some users claimed the attacker had taken $80 million in crypto from the platform’s bonding curve contracts, which worried the affected users.

According to Lookonchain’s report, the hacker was quickly identified. At first, he pretended to be an unaware user, asking what the damages were. However, he later accused the platform’s founders of withdrawing the exact amount stolen a day prior.


An X user claimed the individual chose to “be a Robin Hood, dropping hacked cash to $SOL communities.” The attacker also stated in a post his desire to “change the course of history.” However, his “heroic outlaw” endeavors affected 1,882 addresses.

What Happened?

Despite the speculation and the attacker’s posts, it was later revealed that he was a Pump.fun ex-employee. In its post-mortem post, the platform’s team revealed that the individual had used their position to misappropriate funds from the bonding curve contracts.

The attacker illegitimately accessed the accounts after obtaining the private keys, “using their privileged position at the company.” The former employee used flash loans from a Solana lending protocol to steal 12,300 SOL, worth around $1.9 million.

Per the post, he borrowed SOL to buy as many tokens as possible in Pump.fun. When the tokens hit 100% on their respective bonding curves, the attacker used the keys to access the bonding curve liquidity and repay the flash loans.
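
A monitoring check for the pattern described above, as an added example (not Pump.fun's code): it flags any withdrawal of bonding-curve liquidity that goes anywhere other than the expected migration destination, and any transaction in which a flash loan, a curve-completing buy, and a withdrawal from that curve occur together. The event schema, the `EXPECTED_DEST` label, the rule names, and the sample events are all constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass

EXPECTED_DEST = "RAYDIUM_MIGRATION"  # placeholder label (assumption), not an address

@dataclass
class Event:
    tx: str                # transaction id (flash loans repay within one tx)
    kind: str              # flash_borrow | buy | withdraw | flash_repay
    curve: str = ""        # bonding-curve account touched, if any
    progress: float = 0.0  # curve completion after a buy, 0.0 to 1.0
    dest: str = ""         # where withdrawn liquidity was sent

def audit(events):
    """Return (tx, curve, rule) alerts for suspicious liquidity withdrawals."""
    by_tx = defaultdict(list)
    for e in events:
        by_tx[e.tx].append(e)
    alerts = []
    for tx, evs in by_tx.items():
        borrowed = any(e.kind == "flash_borrow" for e in evs)
        completed = {e.curve for e in evs if e.kind == "buy" and e.progress >= 1.0}
        for e in (e for e in evs if e.kind == "withdraw"):
            # Rule 1: curve liquidity must only ever move to the expected pool.
            if e.dest != EXPECTED_DEST:
                alerts.append((tx, e.curve, "unexpected_destination"))
            # Rule 2: borrowed funds completed the curve, drained in the same tx.
            if borrowed and e.curve in completed:
                alerts.append((tx, e.curve, "flash_funded_completion"))
    return alerts

# Constructed sample events (not real on-chain data).
SAMPLE = [
    Event("t2", "buy", "CURVE_B", 1.0),
    Event("t2", "withdraw", "CURVE_B", dest=EXPECTED_DEST),
    Event("t3", "flash_borrow"),
    Event("t3", "buy", "CURVE_C", 1.0),
    Event("t3", "withdraw", "CURVE_C", dest="WALLET_X"),
    Event("t3", "flash_repay"),
    Event("t4", "flash_borrow"),
    Event("t4", "buy", "CURVE_D", 0.7),
    Event("t4", "flash_repay"),
    Event("t5", "withdraw", "CURVE_E", dest="WALLET_Y"),
]

if __name__ == "__main__":
    for alert in audit(SAMPLE):
        print(alert)
```

Rule 1 fires on its own for `t5`, which matters here because the root cause was misuse of the withdrawal keys; the flash loan only supplied the capital.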

Fortunately, the attacker could only access $1.9 million out of the $45 million liquidity in contracts. Since then, the team has redeployed the bonding curve contracts and offered a plan to help affected crypto investors.

To make users whole, the team will “seed the LPs for each affected coin with an equal or greater amount of SOL liquidity that the coin had at 15:21 UTC within the next 24 hours.” Moreover, they are offering 0% trading fees for the next 7 days. As a user pointed out, this action is “non-trivial” since Pump.fun makes $1 million daily from fees.


Solana Price Soars 10% As $325 Million Reinstated on Wormhole

The Solana price has been on an upswing ever since the bloodbath that followed DeFi’s largest hack of 2022. The Wormhole network stated that stolen money had been restored, giving Solana price some much-needed relief.


After hours of being lost to what some call the largest DeFi hack, the crypto was restored. Jump Crypto’s currency-focused arm worked in tandem with other Quant trading firms, and together, they were able to restore all funds that hackers had stolen from investors last week.

Jump Crypto stated:

“We believe in a multichain future and that Wormhole is essential infrastructure. That’s why we replaced 120k ETH to make community members whole and support Wormhole now as it continues to develop.”

The firm’s decision to replace 120,000 Ether in support of community members on the Wormhole network revealed that hackers failed to refabricate stolen cryptocurrencies.

Yesterday’s exploit compromised $325 million worth of Ether, and the Wormhole network offered a 10-million dollar bounty for information on who did it. Unfortunately, the hacker still has access to these funds, meaning they have rejected the offer.


Solana Price Recovery From Bloodbath

The price of Solana dropped nearly 10% after news broke about the Wormhole exploit. The largest DeFi hack on Solana acted as a negative factor for this altcoin, heavily influenced by lousy publicity. 

Johny, a cryptocurrency analyst and trader widely followed by investors of all sizes for his accurate price predictions, noticed that Solana might be ready to make its next move up. He also noted an upward pattern developing within range lows before the “Ethereum killer” could start its leg straight back down again.

“$SOL beautiful retest of range lows. Flip range highs and next leg up starts. Haven’t seen this much strength from Solana in what feels like forever.”

Bitcoin’s fall to the $36,250 level triggered a dip for major altcoins. While most coins were red on Thursday, Solana also dipped nearly 10%. The larger market experienced a dip as well due to bitcoin’s movements.

What a difference a day makes! Solana dipped more than most of its counterparts in the top ten cryptocurrencies by market cap, but it charted an equally good recovery at press time.

After an attack on Wormhole, SOL dipped to as low as $94 on February 3. However, the price saw some recovery and even managed a decent pump before long.

The price of Solana is rising once again. As I’m writing these words, the currency is trading at $108, with gains of 11.7% on the day and 18.75% on the week.

Solana is currently trading at $108 with an 11.7% rise. Source: Tradingview.com

With trade volumes remaining low, some say that the spot markets are still too uncertain to invest in, but a decent price push could change investors’ mood for good.

Featured image from Pixabay, chart from TradingView.com


Wormhole Token Bridge Lost $321M In Crypto Heist

The Wormhole token bridge, which links the Ethereum and Solana blockchains and is seemingly an unimportant piece of tech for its function, lost over $321 million Wednesday afternoon.

This is the largest attack to date on Solana, a competitor to Ethereum that’s progressively gaining ground in the non-fungible token (NFT) and DeFi ecosystems. The $600 million Poly Network crypto heist was bigger, but it involved cryptocurrencies rather than blockchain technology, which may explain why critics call this new development “pretty historic.”

The heist occurred on Solana’s side. The discovery of a vulnerability on the Solana side has raised concerns that it could be similarly vulnerable to Wormhole’s bridge.

The Wormhole team announced that they would replenish the Ethereum (ETH) supply to make sure wETH is backed 1:1, but it’s not clear where those funds come from or when.

The assailant managed to hack into a smart contract and steal $321 million worth of wETH. The heist happened at 6:24 pm UTC on February 2nd when 120,000 wETH were minted by an attacker who then redeemed 93,750 wETH for ETH, equivalent to $256 million. These funds allowed them to buy SportX (SX), Meta Capital (MCAP), Finally Usable Crypto Karma (FUCK) & Bored Ape Yacht Club Token (APE).

With the remaining wETH swapped for USDS and SOL on Solana, the hacker now holds 432,662 SOL ($44 million) in a Solana wallet.

CertiK, a smart contract auditing firm, reported potential vulnerabilities within Wormhole’s bridges to other blockchains in today’s press release. However, the report says that it “is possible” patches or upgrades could address these shared concerns.

Is Wormhole Lucky Enough As Poly Network?

The Wormhole team is serious about getting their money back. They’ve offered a $10M bug bounty, which they will pay out if anyone can find an exploit to return it.

“This is the Wormhole Deployer: We noticed you were able to exploit the Solana VAA verification and mint tokens. We’d like to offer you a whitehat agreement and present you a bug bounty of $10 million for exploit details and returning the wETH you’ve minted. You can reach out to us at contact@certus.one.”

The Wormhole team is working hard to fix the recently reported exploit. Unfortunately, as of now, wETH tokens sent across the bridge are not yet redeemable while that work continues.

That makes two smart contract exploits in a week. The first was on Qubit Finance’s token bridge last Friday, and now there is this new vulnerability. It is very reminiscent of the Poly Network hack, in which nearly $610 million was stolen from investors. Poly Network was lucky enough to get its funds back through whitehat hacker intervention.


Tech Giants Reviews on Token Bridge Heist

Vitalik Buterin’s warning about the “fundamental security limits” of token bridges has been borne out by recent events. The frequency of smart contract hacks emphasizes his point about layer-1 blockchains being vulnerable. Moreover, hackers pillage other platforms for their gunfire fodder and attack routes into new territory without any defense against such tactics.

We reached out to Ali Qamar, Cyber Security Expert and PrivacySavvy founder, for comment on the hacker exploiting a security flaw to mint wETH without depositing any ETH themselves. The privacy education hub lead brain commented,

The heist is a reminder that the DeFi services’ security is yet to reach a level appropriate for the enormous amounts of funds being stored within them. Blockchain transparency seems to allow attackers to spot and exploit significant bugs.

What Is Token Bridge

Ether is the most popular blockchain network in use today, and it’s being looked at by many people who want to replace banks or lawyers when working with smart contracts. However, there are other options available such as Solana – which might be cheaper & faster depending on your needs.

The introduction of cross-chain bridges has made it easier than ever for Crypto holders to operate outside their ecosystem, with no limitations on where they send or receive cryptocurrencies from.


The Wormhole is a revolutionary new protocol that allows users to move their tokens and NFTs between Solana, Ethereum’s most popular smart contract platform.

Market tanks

Investor excitement about the potential for Solana’s network to become more widely used led it into the crypto top ten last year. The price of one token has increased by 1,600% since February 2021. The combined value reached an all-time high last year, with $78 billion worth.

Bitcoin price is 4% down since the recent heist. Source: Tradingview.com

However, Solana’s value has fallen quickly since the recent crypto heist, and it currently trades at under $100 per token. The decline is also tied to a broader crypto market crash, which hit bitcoin and other major cryptocurrencies such as Ethereum and Litecoin. As a result, their values have dropped significantly over time.
