pump.science Private Key Breach: The Full Story of Counterfeiting and Collapse
The attacker used this private key to issue fraudulent URO tokens on pump.fun, and community members mistakenly believed this was an official token issuance. However, the pump.science team did not address the misconception and did not take any remedial or compensatory actions for users who fell for the scam URO token.
Original Article Title: "pump.science Wallet Private Key Leak: An Ongoing Controversy"
Original Article Author: Karen, Foresight News
On the evening of November 25, a wallet address identified on pump.fun as the creator of RIF and URO tokens released the Urolithin B (URO) token, leading many community members to mistakenly believe it was an official token issued by pump.science. Urolithin B (URO) quickly "graduated" and within two minutes of joining the liquidity pool, its market capitalization briefly surged to $10 million. However, it soon began to plummet and is currently valued at around $100,000.
This event also appears to have affected the market performance of Urolithin A (URO) and Rifampicin (RIF), with both experiencing over a 30% drop in the following 24 hours. So, what exactly happened?
pump.science Wallet Private Key Leak
The root cause of the event was the leak of pump.science's wallet private key.
According to pump.science's official statement, due to an oversight in their GitHub repository, the wallet address T5j2UBTvLYPCwDP5MVkSALN7fwuLFDL9jUXJNjjb8sc was compromised, and the attacker found the key pair in the website's source code. This key pair was originally used for testing purposes in pump.science's GitHub from the start, and the development team did not realize its significance.
From the fraudulent URO token page that appeared on pump.fun last night, it can be seen that the wallet address deploying this fake token is indeed T5j2UBTvLYPCwDP5MVkSALN7fwuLFDL9jUXJNjjb8sc. The pump.fun platform indicates that this address had previously deployed the official Urolithin A (URO) and Rifampicin (RIF) tokens off-chain, with current market valuations of approximately $87 million and $37 million, respectively.
This fraudulent URO token was issued on-chain by the T5j2UBT prefix address with the leaked key pair. This is why it appears on pump.fun that the deployer of the official URO and RIF tokens released a new coin.
pump.science stated that the wallet in question is the creator of off-chain tokens marked as URO and RIF on pump.fun. The attacker may exploit this wallet to issue more tokens, and any other tokens issued by this wallet, aside from URO and RIF, should be considered fraudulent.
It is worth noting that the official stance of pump.science did not take any remedial or compensatory measures for users who mistakenly believed and bought the fraudulent URO tokens, which has sparked widespread community concern and debate.
pump.fun's Off-Chain Creation Feature Causes Confusion in Blockchain Explorer and Data Tools Display
Also adding to community confusion is the display of token creation in pump.fun and in blockchain explorers and data tools.
The official URO and RIF tokens from pump.science were created off-chain via pump.fun, while the fraudulent URO was created on-chain via pump.fun. However, the blockchain explorer solscan displays the deployer address for Urolithin A (URO) and Rifampicin (RIF) as: BLDRZQiqt4ESPz12L9mt4XTBjeEfjoBopGPDMA36KtuZ.
Next, let's first understand pump.fun's off-chain token issuance feature. On the pump.fun platform, off-chain token issuance is free, and the issued tokens are not immediately recorded on-chain until the first buyer appears. The first buyer needs to pay the issuance cost of the tokens. Therefore, for tokens created off-chain, the first buyer is often mistakenly identified as the token deployer by blockchain explorers like solscan or GMGN.
For example, after the official URO and RIF tokens were created off-chain, the wallet address of the first buyer, BLDRZQiqt4ESPz12L9mt4XTBjeEfjoBopGPDMA36KtuZ, was erroneously flagged as the token deployer by solscan or GMGN.
Here, the author reminds investors to differentiate between tokens created on-chain and off-chain on pump.fun when investing in Meme tokens and to verify to avoid falling into scam traps. Additionally, caution should be exercised regarding any potential tokens issued by wallets leaked by pump.science starting with T5j2UBTvLY. Furthermore, it is hoped that platform operators and token deployers will enhance security measures to prevent such fraudulent activities from happening again.
Disclaimer: The content of this article solely reflects the author's opinion and does not represent the platform in any capacity. This article is not intended to serve as a reference for making investment decisions.
You may also like
CBI Exposes Crypto scam Targeting Senior citizens of US and Canada
Tether CEO Sees $10 Billion in Profits for 2024
Ardoino outlined plans for the coming year, 2024, to continue growing Tether's investment portfolio, particularly in emerging technologies such as artificial intelligence.
80-year-old man loses 1 Million Indian Rupee in Digital Arrest Case
Michael Saylor Proposes Digital Assets Framework For US
The right to create and issue digital assets will be retained by issuers, but it will require them to make disclosures and act ethically.