🔥 Land A High Paying Web3 Job In 90 Days LEARN MORE

Pump Science apologizes after GitHub key leak leads to fraudulent tokens

In this post:

  • The DeSci platform Pump Science has warned its users not to trust any tokens launched using its Pump.fun profile.
  • Pump Science said it would never launch its tokens on Pump.fun.
  • While Pump Science holds BuilderZ partially responsible for the security breach, it does not think BuilderZ was the attacker.

Pump Science, a decentralized science platform, has apologized to its users after its private key was inadvertently exposed on GitHub. The leaked private key, T5j2UB…jjb8sc, allowed a ‘known attacker’ to hijack the wallet and create fraudulent tokens tied to its Pump.fun profile. 

In a series of X posts from November 25 to November 27, Pump Science disclosed the security breach on one of its wallet addresses and asked its users not to trust any tokens released on its Pump.fun profile. The platform even changed its Pump.fun profile name to “dont_trust” to warn users not to buy any newly launched tokens.

Pump Science revealed the security attack on one of its wallet addresses

The company clarified that the private key, T5j2UBTvLYPCwDP5MVkSALN7fwuLFDL9jUXJNjjb8sc, linked to their Pump.fun profile, was compromised, allowing ‘the known attacker’ to launch fraudulent Urolithin (URO) and Rifampicin (RIF) tokens.  

Pump Science’s Benji Leibowitz, on November 27, in an X AMA session, said, “We do not want to diminish how much of a screw-up this was; we totally acknowledge that this is a huge issue and misstep on our part,” apologizing to the platform’s users.

Benji further guaranteed that such incidents would never occur again and stated that the platform would no longer release tokens on Pump.fun.

See also  Coinbase CEO says he will not work with firms hiring crypto opposers

Moreover, the DeSci platform has maintained that security will be its top priority. It plans to incorporate consultative and competitive audits on its application and smart contracts. Once all necessary audits are done, any new tokens will be launched next year.

It is even working with blockchain security firm Blockaid to track any new mints from the compromised address.

Pump Science has its suspicions on who the attacker could be

Pump Science pointed to BuilderZ, a Solana-based software company, as partly at fault for the incident. They blamed the firm for leaving the private key for the developer wallet “T5j2U…jb8sc” exposed in their GitHub repository and mistakenly believing it belonged to a test wallet.

However, they explained that, after analyzing the techniques used to launch tokens on Solana’s chain, they did not think BuilderZ was the attacker. 

Pump Science instead believes that the hacker could be the same person or group of people who hacked a wallet owned by James Pacheco, a founder of Solana-based commodity tokenization platform “elmnts.”

Land a High-Paying Web3 Job in 90 Days: The Ultimate Roadmap

Share link:

Disclaimer. The information provided is not trading advice. Cryptopolitan.com holds no liability for any investments made based on the information provided on this page. We strongly recommend independent research and/or consultation with a qualified professional before making any investment decisions.

Most read

Loading Most Read articles...

Stay on top of crypto news, get daily updates in your inbox

Editor's choice

Loading Editor's Choice articles...
Cryptopolitan
Subscribe to CryptoPolitan