pump.science Wallet Private Key Leak: An Unfinished Storm

Chaincatcher, 2024/11/26 19:11
By: Foresight News

An unfinished storm.

Author: Karen, Foresight News

On the evening of November 25, an address marked as the creator of RIF and URO on pump.fun issued Urolithin B (URO) tokens, leading many community members to mistakenly believe that this was an official token issued by pump.science. Urolithin B (URO) quickly "graduated," and within two minutes of joining the liquidity pool, its market capitalization soared to $10 million, but then began to decline continuously, and its market cap has now fallen back to about $100,000.

This incident also seems to have affected the market performance of Urolithin A (URO) and Rifampicin (RIF), both of which dropped over 30% within 24 hours. So, what exactly happened?

pump.science Wallet Key Pair Leaked

The incident was triggered by the leak of the wallet key pair of pump.science.

According to official sources from pump.science, due to a lapse in their GitHub repository, the wallet address T5j2UBTvLYPCwDP5MVkSALN7fwuLFDL9jUXJNjjb8sc was compromised: the attacker found its key pair in the source code of the website. This key pair was initially used for testing purposes in pump.science's GitHub, and the development team did not realize its importance.
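
A check that flags Solana key pair material committed to source code, as an added example that is not code from pump.science or from the original article. The article does not say how the key pair was stored; the two formats matched here (a 64-integer array, as in Solana CLI keypair files, and a base58 string that decodes to 64 bytes) and the names `find_keypairs` and `b58decode` are assumptions of this example.

```python
import re

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
# Array literal of exactly 64 integers: the Solana CLI keypair file layout.
ARRAY_RE = re.compile(r"\[\s*\d{1,3}(?:\s*,\s*\d{1,3}){63}\s*\]")
# Base58 run long enough for 64 bytes; wallet addresses (32 bytes) are shorter.
B58_RE = re.compile(r"(?<![{0}])[{0}]{{86,88}}(?![{0}])".format(B58))


def b58decode(text):
    """Decode base58 (the alphabet Solana uses) to raw bytes."""
    num = 0
    for ch in text:
        num = num * 58 + B58.index(ch)
    body = num.to_bytes((num.bit_length() + 7) // 8, "big")
    pad = len(text) - len(text.lstrip("1"))  # each leading '1' is a zero byte
    return b"\x00" * pad + body


def find_keypairs(source):
    """Return sorted (line_number, kind) pairs for 64-byte key pair candidates."""
    hits = []
    for m in ARRAY_RE.finditer(source):
        values = [int(v) for v in re.findall(r"\d+", m.group(0))]
        if all(v <= 255 for v in values):  # every element must fit in a byte
            hits.append((source.count("\n", 0, m.start()) + 1, "byte-array"))
    for m in B58_RE.finditer(source):
        if len(b58decode(m.group(0))) == 64:  # secret key + public key
            hits.append((source.count("\n", 0, m.start()) + 1, "base58"))
    return sorted(hits)


if __name__ == "__main__":
    # Constructed sample: a placeholder 64-byte array, not a real key.
    numbers = ", ".join(str(n) for n in range(64))
    sample = "// test wallet\nconst KEY = [%s];\n" % numbers
    for line, kind in find_keypairs(sample):
        print("line %d: possible Solana key pair (%s)" % (line, kind))
```

A base58 hit still needs manual review, because a Solana transaction signature is also 64 bytes long.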

From the scam URO token page that appeared on pump.fun last night, it can be seen that the wallet address deploying this fake token is indeed T5j2UBTvLYPCwDP5MVkSALN7fwuLFDL9jUXJNjjb8sc. The pump.fun platform shows that this address had previously deployed the official tokens Urolithin A (URO) and Rifampicin (RIF), which currently have market caps of approximately $87 million and $37 million, respectively.

The scam URO token was issued on-chain by the address starting with T5j2UBT, the one whose key pair was leaked. This is why pump.fun shows that the deployer of the official URO and RIF tokens released the new coin.

pump.science stated that this wallet was marked on pump.fun as the off-chain token creator for URO and RIF, and the attacker may use this wallet to issue more tokens. Any other tokens issued by this wallet, besides URO and RIF, should be considered scams.

It is worth noting that pump.science has not taken any remedial or compensatory measures for users who were misled and purchased the scam URO tokens, which has sparked widespread concern and discussion in the community.

Confusion in Token Creator Display on pump.fun and Blockchain Explorers

Another source of confusion for the community is the display of token creators on pump.fun and blockchain explorers and data tools.

The official URO and RIF tokens were created off-chain through pump.fun, while the scam URO was created on-chain through pump.fun. However, the blockchain explorer solscan shows that the deployer addresses for Urolithin A (URO) and Rifampicin (RIF) are: BLDRZQiqt4ESPz12L9mt4XTBjeEfjoBopGPDMA36KtuZ.

Next, let's understand the off-chain token creation feature of pump.fun. On the pump.fun platform, off-chain token issuance is free, and the tokens will not be recorded on-chain until there is a first buyer. The first buyer needs to pay the issuance cost of the tokens. Therefore, for tokens created off-chain, the first buyer is often mistakenly identified as the token deployer by blockchain explorers like solscan or data tools like GMGN.

For example, after the official URO and RIF tokens were created off-chain, the wallet address of the first buyer, BLDRZQiqt4ESPz12L9mt4XTBjeEfjoBopGPDMA36KtuZ, was incorrectly marked as the token deployer by solscan or GMGN.

Here, I remind investors to distinguish between tokens created on-chain and off-chain on pump.fun and to verify them, to avoid falling into scam traps when investing in Meme tokens. Additionally, it is important to remain vigilant about any tokens issued by the wallet starting with T5j2UBTvLY, whose key pair was leaked from pump.science. At the same time, we hope that the platform and token deployers can enhance security measures to prevent such scams from happening again.

Disclaimer: The content of this article solely reflects the author's opinion and does not represent the platform in any capacity. This article is not intended to serve as a reference for making investment decisions.
