Pump.Science Wallet Private Key Leak Leads to Fraudulent Tokens

27-11-2024 By: Deep Upadhyay
Pump.Science Wallet

Pump.Science Security Breach: Private Key Leak and Fraudulent Tokens

Pump.Science, a DeSci launch platform on Solana, has confirmed a critical breach involving the private key of its wallet, T5j2UBTvLYPCwDP5MVkSALN7fwuLFDL9jUXJNjjb8sc. The leak was attributed to an oversight in the platform's GitHub repository, where the wallet's private key was left exposed in the code base. This wallet was used for creating legitimate Urolithin A (URO) and Rifampicin (RIF) tokens, but the attacker exploited it to issue unauthorized tokens.

Fraudulent Tokens Cause Market Confusion

The breach has led to significant confusion among community members. On November 25, the compromised wallet issued Urolithin B (URO), misleading users into believing it was an official Pump.Science release. The token's value initially skyrocketed to $10 million within minutes of entering the liquidity pool but later collapsed to approximately $100,000.

The incident has also negatively impacted the market performance of Pump.Science's legitimate tokens. Urolithin A (URO) and Rifampicin (RIF) have each seen their values drop by over 25% in the last 24 hours.

At the time of writing, Urolithin A (URO) was trading at $0.03044, after an intraday drop of 25.48% with $30.43M in market cap and $12.66M in 24-hour trading volume. Rifampicin (RIF), alternatively, declined by 24.81% in a day, currently hovering at $0.07041, with $70.38M in market cap and $97.57M in 24-hour volume.   

Pump.Science has issued a clear warning: “None of these tokens were launched by our team. These tokens are fraudulent.” The team advises users not to trust any tokens deployed from the compromised wallet or the associated pump.fun profile.

Oversight in GitHub Repository Led to Key Exposure

The wallet key pair, originally intended for testing purposes, was mistakenly included in the Pump.Science GitHub repository. The attacker exploited this oversight to deploy fraudulent tokens. Given that the compromised wallet had previously been used to create legitimate Urolithin A (URO) and Rifampicin (RIF) tokens, the fraudulent URO token was misleadingly displayed as an official release on the pump.fun platform.

The breach underscores the importance of stringent security measures, especially for decentralized science and blockchain-based platforms. Pump.Science continues to investigate the incident and has urged the community to exercise caution when dealing with tokens associated with the compromised wallet.

Also read: Spell Wallet Daily Puzzle 27 November 2024: Earn Reward of 1 MANA
QUAL È LA TUA OPINIONE?
Notizie Correlate
Blog Correlati