Michaela Alvez
Pump Science, the decentralized science (DeSci) platform, has experienced a major security breach after its private key was leaked, leading to unauthorized token minting and substantial damage to its reputation.
Pump Science’s private key was accidentally exposed on its GitHub codebase, allowing attackers to gain control of the platform’s Pump.fun crypto wallet. The breach led to the creation of fraudulent tokens, including Urolithin B through E and Cocaine ($COKE), under the platform’s name.
Pump Science initially launched two legitimate tokens, Urolithin A ($URO) and Rifampicin ($RIF), through its Pump.fun profile, both of which were tied to the platform’s longevity research projects.
The counterfeit tokens misled users into believing they were legitimate, causing the value of the genuine coins to drop by more than 25%, signaling a significant decline in community trust and confidence.
How Did the Breach Happen?
Pump Science shared a detailed report on X, attributing the breach to an oversight by BuilderZ, the Solana-based development team responsible for the platform.
The developers mistakenly left the private key for the Pump.fun wallet in the GitHub repository, believing it to be associated with a test wallet. While the account was not initially intended to serve as the primary wallet, a flaw in the platform’s free token creation feature linked it to Pump.fun’s official profile. This error made the fraudulent tokens appear legitimate to users.
Pump Science Responds
In response to the breach, Pump Science issued a warning advising users to refrain from engaging with any new tokens created under its Pump.fun profile or linked wallet. To enhance security, the platform partnered with blockchain security firm Blockaid to monitor and flag any new mints or transactions originating from the compromised address.
Pump Science also announced that it will only launch new tokens after conducting a comprehensive audit of its app and smart contracts.
The platform has received significant criticism from its community, with users accusing it of negligence and voicing frustration over the absence of sufficient security measures to prevent the breach.
In the world of DeFi, private keys are critical for securing access to digital wallets and managing transactions, but the responsibility for safeguarding these keys often falls solely on the developers and platforms themselves.
A Q3 2024 report from blockchain security firm CertiK revealed that over $750 million was lost to Web3 security breaches across 155 incidents. This brings the total value stolen in 2024 to nearly $2 billion, a 9.5% increase from Q2.
As the DeFi space continues to grow, the need for more robust security practices has never been more critical to sustaining trust and preventing future breaches.
Read More
- DeFi Projects Under Attack: EigenLayer Loses Nearly $6M While K9 Finance Reveals Security Threat
- $1.7 Million Drained from Bedrock DeFi UniBTC Pool in Suspected Attack
- Top Crypto Trends 2024: AI, DeFi, MEME, L2 Dominate; Chain Abstraction Surges
Michaela has no crypto positions and does not hold any crypto assets. This article is provided for informational purposes only and should not be construed as financial advice. The Shib Magazine and The Shib Daily are the official media and publications of the Shiba Inu cryptocurrency project. Readers are encouraged to conduct their own research and consult with a qualified financial adviser before making any investment decisions.
