Solana memecoin creation tool pump.fun has claimed a former employee exploited the firm for nearly $2 million through a “bonding curve” attack. The ex-employee used their “privileged position” to access a “withdraw authority” and compromise the protocol’s internal systems, pump.fun alleged in a May 16 X post.
About $1.9 million was stolen from the total $45 million held in pump.fun’s bonding curve contracts. The platform temporarily paused trading but it is now back up and running. The pump.fun smart contracts “are safe,” and users impacted by the incident will receive “100% of the liquidity” that it previously had within the next 24 hours, pump.fun said.
Approximately 12,300 SOL, worth $1.9 million, was stolen in the attack, which pump.fun sai occurred between 3:21 pm and 5:00 pm UTC on May 16.
The Solana Memecoin Launchpad said users impacted between these hours would recover 100% or more of the liquidity held prior to the attack.
