header-langage
简体中文
繁體中文
English
Tiếng Việt
Scan to Download the APP

pump.science Private Key Breach: The Full Story of Counterfeiting and Collapse

24-11-26 15:14
Read this article in 7 Minutes
总结 AI summary
View the summary 收起
Original Article Title: "pump.science Wallet Private Key Leak: An Ongoing Controversy"
Original Article Author: Karen, Foresight News


On the evening of November 25, a wallet address identified on pump.fun as the creator of RIF and URO tokens released the Urolithin B (URO) token, leading many community members to mistakenly believe it was an official token issued by pump.science. Urolithin B (URO) quickly "graduated" and within two minutes of joining the liquidity pool, its market capitalization briefly surged to $10 million. However, it soon began to plummet and is currently valued at around $100,000.


This event also appears to have affected the market performance of Urolithin A (URO) and Rifampicin (RIF), with both experiencing over a 30% drop in the following 24 hours. So, what exactly happened?


pump.science Wallet Private Key Leak


The root cause of the event was the leak of pump.science's wallet private key.


According to pump.science's official statement, due to an oversight in their GitHub repository, the wallet address T5j2UBTvLYPCwDP5MVkSALN7fwuLFDL9jUXJNjjb8sc was compromised, and the attacker found the key pair in the website's source code. This key pair was originally used for testing purposes in pump.science's GitHub from the start, and the development team did not realize its significance.


From the fraudulent URO token page that appeared on pump.fun last night, it can be seen that the wallet address deploying this fake token is indeed T5j2UBTvLYPCwDP5MVkSALN7fwuLFDL9jUXJNjjb8sc. The pump.fun platform indicates that this address had previously deployed the official Urolithin A (URO) and Rifampicin (RIF) tokens off-chain, with current market valuations of approximately $87 million and $37 million, respectively.


This fraudulent URO token was issued on-chain by the T5j2UBT prefix address with the leaked key pair. This is why it appears on pump.fun that the deployer of the official URO and RIF tokens released a new coin.



pump.science stated that the wallet in question is the creator of off-chain tokens marked as URO and RIF on pump.fun. The attacker may exploit this wallet to issue more tokens, and any other tokens issued by this wallet, aside from URO and RIF, should be considered fraudulent.


It is worth noting that the official stance of pump.science did not take any remedial or compensatory measures for users who mistakenly believed and bought the fraudulent URO tokens, which has sparked widespread community concern and debate.


pump.fun's Off-Chain Creation Feature Causes Confusion in Blockchain Explorer and Data Tools Display


Also adding to community confusion is the display of token creation in pump.fun and in blockchain explorers and data tools.


The official URO and RIF tokens from pump.science were created off-chain via pump.fun, while the fraudulent URO was created on-chain via pump.fun. However, the blockchain explorer solscan displays the deployer address for Urolithin A (URO) and Rifampicin (RIF) as: BLDRZQiqt4ESPz12L9mt4XTBjeEfjoBopGPDMA36KtuZ.




Next, let's first understand pump.fun's off-chain token issuance feature. On the pump.fun platform, off-chain token issuance is free, and the issued tokens are not immediately recorded on-chain until the first buyer appears. The first buyer needs to pay the issuance cost of the tokens. Therefore, for tokens created off-chain, the first buyer is often mistakenly identified as the token deployer by blockchain explorers like solscan or GMGN.


For example, after the official URO and RIF tokens were created off-chain, the wallet address of the first buyer, BLDRZQiqt4ESPz12L9mt4XTBjeEfjoBopGPDMA36KtuZ, was erroneously flagged as the token deployer by solscan or GMGN.


Here, the author reminds investors to differentiate between tokens created on-chain and off-chain on pump.fun when investing in Meme tokens and to verify to avoid falling into scam traps. Additionally, caution should be exercised regarding any potential tokens issued by wallets leaked by pump.science starting with T5j2UBTvLY. Furthermore, it is hoped that platform operators and token deployers will enhance security measures to prevent such fraudulent activities from happening again.


Original Article Link


欢迎加入律动 BlockBeats 官方社群:

Telegram 订阅群:https://t.me/theblockbeats

Telegram 交流群:https://t.me/BlockBeats_App

Twitter 官方账号:https://twitter.com/BlockBeatsAsia

This platform has fully integrated the Farcaster protocol. If you have a Farcaster account, you canLogin to comment
Choose Library
Add Library
Cancel
Finish
Add Library
Visible to myself only
Public
Save
Correction/Report
Submit