Just days after the rise of DeSci projects and the rallies of URO and RIF, the Pump Science platform announced that a problem in its GitHub repository resulted in a compromised launch wallet.
The wallet that launched URO and RIF, two of the hottest DeSci tokens, has been exposed and may produce additional scam tokens. The Pump Science platform explained the hack happened through its GitHub platform, where the hacked found a key pair in the source code. Commenters noted that previously, the same team explained a similar exploit due to a compromised website, leading to suspicions of a deliberate event near peak token valuations.
The current explanation for the exploit was that Pump Science believed the compromised wallet was inconsequential and used for testing purposes, therefore not worrying about putting a key pair on a GitHub source code repository. The team was aware of the key pair’s presence in the code, but believed the developer team behind URO and RIF would use another wallet for token generation.
However, it turned out to be the address linked to the generation of URO and RIF, the two trending DeSci tokens. The usage of the compromised address may be a personal mistake, connected to the way that Pump.fun treats free token generation events.
Both URO and RIF were first created on Pump.fun, before being deployed on Pump Science as DeSci tokens. The process on Pump.fun creates the tokens on its front end, then sends them to the chosen wallet. That wallet is then linked as the token creator, on the merit of receiving the very first transaction of the new meme asset.
The T5j2UBTvLYPCwDP5MVkSALN7fwuLFDL9jUXJNjjb8sc wallet was exploited today from on oversight in our github repository. The exploiter was able to find the keypair in the source code of our website
This keypair has been in our github for testing purposes from the start and was…
— Pump Science (@pumpdotscience) November 25, 2024
The URO and RIF tokens are not compromised, and no significant amounts were stolen. The compromised wallet itself has not been drained, and contains several meme tokens valued above $73,783. However, Pump Science warned the same wallet may be used to generate tokens that look legitimate, due to having the same originating wallet.
According to the Pump Science community, the exposed wallet was already used to launch one legitimate-looking token, which was dumped for $54K in SOL in a single transaction. The wallet used to pump the fake URO was linked previously to the developer wallet, before the team noticed the GitHub exposure of its key pair.
URO traded around $0.03, down from $0.06 as of November 25. RIF sank to $0.07, after a recent rally to $0.16. Both tokens started tanking after the news, due to fears of a bigger exploit and direct asset losses.
DeSci is another Pump.fun trend
The DeSci trend is still in its early stages, aiming to mix the promise of scientific research with meme-like token appeal. The Pump Science presented itself as a fair experiment, tying the token price to real testing. The team raised some doubts about its scientific skill. In the end, Pump Science turned into a producer of Pump.fun livestreams, aiming to boost the price of URO and RIF to predetermined price levels.
The fear of compromised tokens may be overblown, as DeSci assets are minted by the dozen. The DeSci trend, despite being considered more serious, is also using the Pump.fun platform, creating multiple look-alike tokens based on the Urolithin and other life-extension molecules.
The Pump Science team has already raised doubts on its ability to do real science. Exposing its own dev wallet in plain sight was the surprising explanation, and users were also suspicious of insider exploits.
Pump Science already warned with a message on X that it would not be launching any new tokens, except URO and RIF on its gamified platform. For a project aiming to revolutionize science and produce life-extension pharmaceuticals, Pump Science took the easy route of just creating a meme with a sense of FOMO in its livestreams.
DeSci tokens in total are valued just under $700M. URO and RIF are among the top tokens, but lag behind OriginalTrail (TRAC) and are now seen as potentially compromised rug-pull tokens, despite not crashing immediately. At this point, DeSci may be a mix of Pump.fun tokens and legitimate, long-running projects like Origin Trail. The leading TRAC token helped raise more than $21M in an ICO presale, proving a more durable interest from investors compared to Pump.fun.
A Step-By-Step System To Launching Your Web3 Career and Landing High-Paying Crypto Jobs in 90 Days.