Home / News / Crypto / Solana / Pump.fun “Exploiter” Jarett Dunn “Arrested” Over $1.9 Million Hack
Solana
5 min read

Pump.fun “Exploiter” Jarett Dunn “Arrested” Over $1.9 Million Hack

Last Updated May 21, 2024 3:14 PM
Teuta Franjkovic
Last Updated May 21, 2024 3:14 PM
By Teuta Franjkovic
Verified by Peter Henn

Key Takeaways

  • A former pump.fun employee has been arrested and bailed in the UK in connection with a $1.9 million exploit.
  • Jarett Dunn denies the allegations and claims he is in hospital for mental health observation.
  • Pump.fun recovered from the attack and assures affected users will be fully compensated.

A former employee of memecoin creation and trading platform pump.fun who allegedly carried out a recent $1.9 million exploit, claims to have been arrested and charged .

On May 16, Twitter user “STACCoverflow,” who identified himself as Jarrett Dunn, took responsibilit y for the attack. Pump.fun alleges Dunn used a “privileged position” to access a “withdraw authority” and compromise the protocol’s systems. Meanwhile, Dunn says British police arrest him and charged him with the theft. He claims he is currently on bail.

Jarett Dunn Claims Arrest by Pump Team, Denies Theft Allegations

In a series of posts on May 18 from a different Twitter account, Dunn claimed he “spent overnight in custody” accused of stealing $1.9 million and conspiring to steal a further $80 million. He added that he was “released on bail and placed under mental health observation”.

Dunn stated that he was currently in hospital, using an iPad provided by the facility to post updates. He mentioned  that his mental health makes him potentially unfit for a police interview at present.

Dunn said  that the Canadian High Commission had contacted his family with “a list of lawyers”. However, he is currently unable to communicate with them until he regains access to his mobile phones and computers. He went on to claim that police seized two of his devices.

Dunn also noted that he still has his passport and that the authorities have not restricted him from leaving the country.

Dunn reportedly informed  another Twitter user, The Rollup, that he has to return to a police station on August 15. Additionally, it has been claimed that a private intelligence company tried to find Dunn in London.

In a separate Tweet, Dunn called  for British citizens to press charges against Baton Corporation, a company he claimed was linked to pump.fun. He also mentioned  that his bail conditions prohibit him from communicating with this company and its CEO.

 

The Metropolitan Police did not immediately respond to a request for comment.

Ex-Employee Steals $2M from Solana Memecoin Platform

The Solana memecoin creation tool, pump.fun, reported  that a former employee misused their access to siphon nearly $2 million through a “bonding curve” attack.

According to a tweet  on May 16 by pump.fun, the ex-employee exploited their privileged position to gain “withdraw authority” and disrupt the protocol’s internal systems. The hacker took $1.9 million from the $45 million held in pump.fun’s bonding curve contracts.

Following the incident, the platform briefly halted trading, but has since resumed normal operations. Pump.fun reassured users that the smart contracts were secure. It said it would reimburse affected users with “100% of the liquidity” they lost within 24 hours.

Before pump.fun’s announcement, Igor Igamberdiev, head of research at cryptocurrency market maker Wintermute, suggested  the hack resulted from an internal leak of a private key. He suspected that Twitter user “STACCoverflow” took part in the incident.

In a series of cryptic tweets, STACCoverflow claimed  they were “about to change the course of history. n [sic] then rot in jail.” In a separate post, they said: “I do not care, I am already fully doxxed.” Earlier, pump.fun said  that it was collaborating with police but did not identify the former employee involved. The company also did not immediately respond to a request for comment.

Solana Memecoin Platform Pump.fun Recovers

The hack on pump.fun unfolded when an exploiter used flash loans from Solana lending protocol, Raydium, to borrow SOL. According to  pump.fun, the exploiter used these tokens to “buy as many coins” as possible.

Once the coins reached 100% on their respective bonding curves, the exploiter was able to withdraw the bonding curve liquidity and repay the flash loans. Pump.fun reported that it lost approximately 12,300 SOL, valued at $1.9 million, during the incident, which happened between 3:21 pm and 5:00 pm UTC on May 16.

Was this Article helpful? Yes No