pump.science Wallet Private Key Leak: An Unfinished Storm


An unfinished storm.

Author: Karen, Foresight News

On the evening of November 25, an address marked on pump.fun as the creator of RIF and URO issued a Urolithin B (URO) token, which led many community members to mistakenly believe that it was an official pump.science token. Urolithin B (URO) quickly "graduated", and within two minutes of being added to the liquidity pool its market cap soared to $10 million. It then declined steadily, and the market cap has now fallen back to about $100,000.

This event also seems to have affected the market performance of Urolithin A (URO) and Rifampicin (RIF), both of which fell more than 30% within 24 hours. So what's going on?

pump.science wallet private key pair leaked

The incident was caused by the leak of a pump.science wallet private key.

According to the official disclosure from pump.science, an oversight in its GitHub repository led to the compromise of the wallet address T5j2UBTvLYPCwDP5MVkSALN7fwuLFDL9jUXJNjjb8sc: the attacker found the secret key pair in the website's source code. The key pair had been used for testing purposes in pump.science's GitHub repository from the beginning, and the development team was not aware of its importance.
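The root cause described above, a test key pair left in source code, is something a repository scan can catch before the code is published. The following is an added example, not code from pump.science or from the original article; it assumes the key could appear in either of two common Solana encodings (a 64-integer byte array or a base58 string that decodes to 64 bytes), and the sample source and key bytes are constructed.

```python
import re

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
B58_CLASS = "[1-9A-HJ-NP-Za-km-z]"
# 64 integers in brackets: the JSON keypair layout written by solana-keygen.
BYTE_ARRAY_RE = re.compile(r"\[\s*\d{1,3}(?:\s*,\s*\d{1,3}){63}\s*,?\s*\]")
# A standalone base58 run of 64-88 chars, the possible lengths for 64 bytes.
B58_RE = re.compile(rf"(?<!{B58_CLASS}){B58_CLASS}{{64,88}}(?!{B58_CLASS})")

def b58encode(data):
    n, out = int.from_bytes(data, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    return "1" * (len(data) - len(data.lstrip(b"\x00"))) + out

def b58decode(s):
    n = 0
    for ch in s:
        n = n * 58 + B58.index(ch)
    zeros = len(s) - len(s.lstrip("1"))
    return b"\x00" * zeros + n.to_bytes((n.bit_length() + 7) // 8, "big")

def find_secret_key_candidates(text):
    """Return sorted (line, kind) pairs for text that looks like a 64-byte key."""
    hits = []
    for m in BYTE_ARRAY_RE.finditer(text):
        if all(int(v) <= 255 for v in re.findall(r"\d+", m.group())):
            hits.append((text.count("\n", 0, m.start()) + 1, "byte-array"))
    for m in B58_RE.finditer(text):
        # Length alone is weak evidence; require a decode to exactly 64 bytes.
        if len(b58decode(m.group())) == 64:
            hits.append((text.count("\n", 0, m.start()) + 1, "base58"))
    return sorted(hits)

# Constructed sample: the "key" is the bytes 1..64, not a real secret.
_FAKE = bytes(range(1, 65))
SAMPLE_SOURCE = "\n".join([
    "// config.js (constructed sample)",
    "const RPC = 'https://rpc.example.invalid';",
    f"const TEST_KEY = '{b58encode(_FAKE)}';",
    f"const KEYPAIR = Uint8Array.from({list(_FAKE)});",
    "const CREATOR = 'T5j2UBTvLYPCwDP5MVkSALN7fwuLFDL9jUXJNjjb8sc';",
])

if __name__ == "__main__":
    for line, kind in find_secret_key_candidates(SAMPLE_SOURCE):
        print(f"line {line}: possible secret key ({kind})")
```

The public wallet address on the last sample line is not flagged because it is too short to hold 64 bytes. Transaction signatures are also 64 bytes, so each hit is a candidate for review rather than proof of a leaked key.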

The scam URO token page that appeared on pump.fun last night shows that the wallet address that deployed this fake token is T5j2UBTvLYPCwDP5MVkSALN7fwuLFDL9jUXJNjjb8sc. According to the pump.fun platform, this address deployed the official tokens Urolithin A (URO) and Rifampicin (RIF) off-chain; their current market capitalizations are approximately 87 million USD and 37 million USD, respectively.

This time, the fraudulent URO token was issued on-chain using the address beginning with T5j2UBT, whose secret key had been leaked. That is why pump.fun showed the official deployer of the URO and RIF tokens as having released a new coin.

pump.science states that the wallet is marked as the off-chain token creator for URO and RIF on pump.fun, and that attackers may exploit this wallet to issue more tokens. Apart from URO and RIF, any other tokens issued by this wallet should be considered fraudulent.

It is worth noting that pump.science has not taken any remedial or compensatory measures for users who were deceived into buying the URO token, which has drawn widespread attention and discussion in the community.

pump.fun's off-chain creation feature causes confusion in blockchain explorer and data tool displays

The creators displayed by pump.fun, blockchain explorers, and data tools have also caused confusion in the community.

The official pump.science URO and RIF tokens were created off-chain through pump.fun, while the fraudulent URO was created on-chain through pump.fun. However, the blockchain explorer solscan shows that the deployer address of Urolithin A (URO) and Rifampicin (RIF) is: BLDRZQiqt4ESPz12L9mt4XTBjeEfjoBopGPDMA36KtuZ.

To see why, first consider pump.fun's off-chain token launch feature. On the pump.fun platform, launching a token off-chain is free, and the token is not recorded on-chain immediately after issuance but only once the first buyer appears. The first buyer pays the token issuance cost. As a result, for tokens created off-chain, blockchain explorers such as solscan and data tools such as GMGN often mistakenly identify the first buyer as the deployer of the token.

For example, after the official URO and RIF tokens were created off-chain, the wallet address BLDRZQiqt4ESPz12L9mt4XTBjeEfjoBopGPDMA36KtuZ of the first buyer was mistakenly marked as the deployer of the tokens by solscan and GMGN.

Here, the author reminds investors in meme tokens to distinguish between tokens created on-chain and off-chain on pump.fun, and to verify them, in order to avoid falling for scams. It is also necessary to remain vigilant about any tokens that may be issued by the leaked pump.science wallet beginning with T5j2UBTvLY. At the same time, we hope that the platform and token deployers will strengthen their security measures to prevent such fraudulent activity from happening again.
