Pump Science apologizes after GitHub key leak leads to fraudulent tokens

Pump Science, a decentralized science platform, has apologized to its users after its private key was inadvertently exposed on GitHub. The leaked private key, T5j2UB…jjb8sc, allowed a ‘known attacker’ to hijack the wallet and create fraudulent tokens tied to its Pump.fun profile. 

In a series of X posts from November 25 to November 27, Pump Science disclosed the security breach on one of its wallet addresses and asked its users not to trust any tokens released on its Pump.fun profile. The platform even changed its Pump.fun profile name to “dont_trust” to warn users not to buy any newly launched tokens.

Pump Science revealed the security attack on one of its wallet addresses

The company clarified that the private key, T5j2UBTvLYPCwDP5MVkSALN7fwuLFDL9jUXJNjjb8sc, linked to their Pump.fun profile, was compromised, allowing ‘the known attacker’ to launch fraudulent Urolithin (URO) and Rifampicin (RIF) tokens.  

Pump Science’s Benji Leibowitz, on November 27, in an X AMA session, said, “We do not want to diminish how much of a screw-up this was; we totally acknowledge that this is a huge issue and misstep on our part,” apologizing to the platform’s users.

Benji further guaranteed that such incidents would never occur again and stated that the platform would no longer release tokens on Pump.fun.

Moreover, the DeSci platform has maintained that security will be its top priority. It plans to incorporate consultative and competitive audits on its application and smart contracts. Once all necessary audits are done, any new tokens will be launched next year.

It is even working with blockchain security firm Blockaid to track any new mints from the compromised address.

Pump Science has its suspicions on who the attacker could be

Pump Science pointed to BuilderZ, a Solana-based software company, as partly at fault for the incident. They blamed the firm for leaving the private key for the developer wallet “T5j2U…jb8sc” exposed in their GitHub repository and mistakenly believing it belonged to a test wallet.

However, they explained that, after analyzing the techniques used to launch tokens on Solana’s chain, they did not think BuilderZ was the attacker. 

Pump Science instead believes that the hacker could be the same person or group of people who hacked a wallet owned by James Pacheco, a founder of Solana-based commodity tokenization platform “elmnts.”

From Zero to Web3 Pro: Your 90-Day Career Launch Plan


Earn more PRC tokens by sharing this post. Copy and paste the URL below and share to friends, when they click and visit Parrot Coin website you earn: https://parrotcoin.net0


PRC Comment Policy

Your comments MUST BE constructive with vivid and clear suggestion relating to the post.

Your comments MUST NOT be less than 5 words.

Do NOT in any way copy/duplicate or transmit another members comment and paste to earn. Members who indulge themselves copying and duplicating comments, their earnings would be wiped out totally as a warning and Account deactivated if the user continue the act.

Parrot Coin does not pay for exclamatory comments Such as hahaha, nice one, wow, congrats, lmao, lol, etc are strictly forbidden and disallowed. Kindly adhere to this rule.

Constructive REPLY to comments is allowed

Leave a Reply