Ex-employee behind the $2 million pump.fun exploit demands $100,000 payouts to each contributor, excluding founders, while threatening to burn the stolen funds.
An attacker behind pump.fun, a Solana-based launchpad for memecoins which lost nearly $2 million after a former employee gained admin privileges, is threatening to burn the stolen funds if the project’s management team fails to distribute $100,000 to contributors.
In an X post on May 17, the exploiter known as “Stacc” stated their willingness to burn the stolen tokens if the pump.fun team doesn’t release $100,000 “to each and every non-founder that has contributed to pump at any point.”
Though the identities of those who contributed to the project remain undisclosed, Stacc asserts that at least seven individuals are entitled to these payments. However, Stacc provided no specifics regarding the distribution process or deadlines for the payouts. As of press time, the pump.fun team had not issued any public statements regarding the matter.
According to a post-mortem analysis by pump.fun, a former employee, whose identity remains undisclosed, leveraged their “privileged position” within the company to misappropriate over 12,000 SOL tokens, valued at approximately $2 million, through a series of manipulations with the project’s smart contracts. The pump.fun team has committed to reimbursing affected users, waiving trading fees for the next seven days.
As crypto.news previously reported, Stacc acknowledged involvement in the incident via social media, citing personal grievances, including the loss of their mother, and “horrible bosses” as factors motivating the exploit. Experts express concerns over the potential repercussions of this exploit on the meme coin ecosystem within Solana, particularly given pump.fun’s significant presence in this market.