🎁 Exclusive offer: Get EXTRA Bits and Celebrate Bybit's 6th Birthday With $2.2M Prize Pool. Act Now!

Pump Science’s Nightmare: Exposed Private Key Leads to Counterfeit Tokens

Key Takeaways

  • Pump Science suffered a major breach after private keys were leaked on GitHub, leading to the creation of counterfeit tokens;
  • The team has partnered with Blockaid, renamed its profile, and pledged to never launch tokens on Pump.fun again;
  • BuilderZ's mistake highlighted critical gaps in key management, prompting Pump Science to announce audits and bug bounty initiatives.
Pump Science’s Nightmare: Exposed Private Key Leads to Counterfeit Tokens

A major security breach at the decentralized science (DeSci) platform Pump Science led to a public apology after private keys linked to its Pump.fun profile were exposed on GitHub

This breach enabled a hacker to exploit the vulnerability by creating counterfeit tokens, including Urolithin B to E (URO) and Cocaine (COKE).

Users were warned to avoid purchasing tokens launched from the compromised Pump.fun profile, as the team did not authorize these.

What is Algorand? ALGO Coin Explained With Animations

Did you know?

Want to get smarter & wealthier with crypto?

Subscribe - We publish new crypto explainer videos every week!

During a November 27 ask-me-anything (AMA) session on X, Pump Science representative Benji Leibowitz addressed the severity of the situation. “We do not want to diminish how much of a screw-up this was, we totally acknowledge that this is a huge issue and misstep on our part”, he stated.

Leibowitz emphasized that such an incident would not recur before committing:

We’re never gonna launch tokens on pump.fun ever again.

The mishap was partially attributed to Solana SOL $188.14 -based software developer BuilderZ, which mistakenly left private keys for the developer wallet “T5j2U…jb8sc” in its GitHub codebase. BuilderZ had assumed the keys were linked to a test wallet rather than the actual development wallet.

However, Pump Science ruled out BuilderZ as the attacker, citing differences in how the counterfeit tokens were launched on the Solana blockchain.

The platform presumes the culprit may be connected to an earlier attack on James Pacheco, co-founder of the Solana-based commodity tokenization platform elmnts.

Following the incident, Pump Science partnered with blockchain security firm Blockaid to monitor and flag suspicious token mints originating from the compromised wallet address. They also renamed its Pump.fun profile to “dont_trust” to deter further purchases of illegitimate tokens.

Pump Science has announced a full audit of its application and front end, as well as the introduction of bug bounties for identifying vulnerabilities in future releases.

While Pump Science is taking steps to rebuild trust, the crypto space continues to witness high-profile controversies. Recently, a former Fortnite pro faced accusations of orchestrating a $3.5 million memecoin scam. How did a gaming star become the center of a crypto scandal? Read the full story.

Aaron S. Editor-In-Chief
Having completed a Master’s degree in Economics, Politics, and Cultures of the East Asia region, Aaron has written scientific papers analyzing the differences between Western and Collective forms of capitalism in the post-World War II era.
With close to a decade of experience in the FinTech industry, Aaron understands all of the biggest issues and struggles that crypto enthusiasts face. He’s a passionate analyst who is concerned with data-driven and fact-based content, as well as that which speaks to both Web3 natives and industry newcomers.
Aaron is the go-to person for everything and anything related to digital currencies. With a huge passion for blockchain & Web3 education, Aaron strives to transform the space as we know it, and make it more approachable to complete beginners.
Aaron has been quoted by multiple established outlets, and is a published author himself. Even during his free time, he enjoys researching the market trends, and looking for the next supernova.

Loading...
Bybit
×
Verified

$30,000 IN REWARDS

Bybit Black Friday Deal
5.0 Rating