Solana Meme Coin Factory Pump.Fun Compromised by 'Bonding Curve' Exploit

The exploiter may not be making any money from the attack.

May 16, 2024 at 6:28 p.m. UTC
Updated May 16, 2024 at 6:43 p.m. UTC

The Solana blockchain's red-hot meme coin factory Pump.Fun descended into chaos Thursday at the hands of an exploiter who compromised the tech central to its issuance of joke cryptocurrencies.

"We are aware that the bonding curve contracts have been compromised and are investigating the matter," the months-old project's Twitter account announced two hours into the chaos. "We’ve paused trading – you cannot buy and sell any coins at the moment."

Trading has been paused for now, according to Pump.fun, but prior to the announcement, traders were left to speculate on what was happening on the platform.

Details of the attack were still coming together at press time.

According to people who are helping with the early stages of the investigation, an exploiter was using a combination of trading tactics to overwhelm Pump.fun and seemingly corner the market for dozens of meme coins. Oddly, on-chain evidence suggests the attacker was not making much of a profit. The people spoke with CoinDesk on the condition of confidentiality since the inquiries are still preliminary.

Pump.fun is a months-old project for creating and gambling on meme coins on the Solana blockchain. It advertises itself as a "fair launch" platform where investors can buy into joke tokens in their earliest moments. Coins sometimes hit it big for their investors, but most implode before they reach the critical market cap of $69,000 where tokens get released into the wild.

Thursday's exploit hit smart contracts responsible for issuing the meme coins on Pump.Fun's bonding curve, people said. The attacker tricked the platform's bonding curve into accepting phantom SOL tokens they had borrowed and quickly repaid in what's known as a "flash loan." This resulted in the bonding curves filling up with nonexistent SOL, making tokens look valuable despite no real buy-side interest.

The attacker has caused losses of $300,000 in SOL tokens, according to on-chain researchers. Rather than run off with the money, they used it to repay the flash loans and airdrop funds to other people, the people said.


Danny Nelson

Danny is CoinDesk's Managing Editor for Data & Tokens. He owns BTC, ETH and SOL.

