The alleged mastermind behind the Solana memecoin protocol pump.fun exploit has been apprehended in London.
According to Blockworks, citing sources familiar with the operation, British authorities arrested Jarett Dunn, a former contractor known online as @STACCoverflow, in the early hours of May 18.
The arrest is said to have come following a meticulous 26-hour intelligence operation initiated by a third-party stakeholder who had hired a private intelligence firm. The operation leveraged social media posts and other publicly available information to track Dunn’s whereabouts in London.
Local operatives, or “auxiliaries,” were reportedly deployed in a massive search that eventually led them to the Middle Eight Hotel in Covent Garden. Dunn was found in a room at the hotel and taken into custody seven hours later.
Interestingly, the timing of his arrest coincided with his last social media post on X, where he hinted at his identity with the username @STACCoverflow, a play on the French phrase “j’arrête” (meaning “I’m done”) and his real name, Jarett.
After his arrest, Dunn was released on bail, according to his own post on X and confirmation from the intelligence firm.
He is expected to remain in the UK until his court appearance, reportedly scheduled for August.
The pump.fun platform, which simplifies token launches on the Solana (SOL) network, was exploited on May 16, resulting in a loss of over 12,300 SOL valued at approximately $2 million at the time.
The attacker used flash loans from Raydium, a Solana lending protocol, to carry out the exploit. Flash loans are decentralized finance (defi) tools that allow users to borrow large amounts of capital.
In this case, the attacker manipulated the pump.fun bonding curves, a mechanism that sets token prices based on supply.
By reaching 100% on these curves, the hacker accessed and withdrew liquidity meant for Raydium, then repaid the flash loan, making off with substantial profits.
Following the incident, pump.fun started working with law enforcement to investigate the breach.
Igor Igamberdiev, head of research at cryptocurrency market maker Wintermute, was among the first to suggest that an internal private key leak might have facilitated the hack. Subsequently, Dunn, under the alias @STACCoverflow, admitted his role in the exploit, posting a series of erratic tweets where he expressed a desire to “change the course of history” and openly discussed his mental health struggles and grief over his mother’s death.
He also asserted that the stolen funds would be distributed to holders of various Solana tokens.
Dunn’s posts indicated that at least seven individuals were entitled to these payouts, though he did not provide specifics about the distribution process or deadlines.
His messages also suggested a motive driven more by emotional distress than financial gain.