Pump Science, a decentralized science (DeSci) launch platform on Solana, has disclosed a serious security breach involving one of its wallet addresses.
The wallet’s private key, identified as T5j2UB…jjb8sc, was inadvertently exposed by a developer who embedded it in the platform’s codebase.
The exposure allowed attackers to hijack the wallet, leading to the unauthorized creation of tokens linked to Pump Science’s profile on the Pump.fun platform.
Fraudulent creation of tokens
In a November 26 post on X detailing the incident, the Pump Science team clarified that while the compromised wallet was never intended for token deployment, the attackers used it to launch fraudulent tokens of Urolithin A (URO) and Rifampicin (RIF), which they then sold to unsuspecting users.
Additionally, the attacker exploited the wallet to manipulate observers’ perception. They locked URO-B tokens in the wallet, making it look like the Pump Science developers still held the assets. After the scam, they sold the tokens, leaving the investors with a loss.
The team has since declared all tokens created using the affected wallet to be scams. They have also warned the Solana community not to commit assets, confirming that the project’s Pump.fun profile should not be trusted for new token releases until further notice.
“Again, none of these tokens were released by our team. These tokens are fraudulent. Do not trust the PSScience Pump.fun profile.”
Interestingly, a blockchain analysis revealed that while the fake tokens appeared to be tied to the T5j wallet, the real developer wallet responsible for creating legitimate tokens like URO and RIF was BLDRZQ…36KtuZ. The Pump Science team attributed the discrepancy to indexing errors in Pump.fun, which incorrectly linked token activities to the compromised wallet.
Steps to recovery
The Pump Science team said it is working with security experts and Pump.fun to address the incident. It has also pledged to thoroughly audit its platform and related smart contracts to prevent such events from occurring in the future.
Other steps include halting the release of new tokens until the audit is complete; only tokens explicitly announced on the project’s official social media channels are to be considered legitimate. The team also encouraged users to verify the origin of tokens using blockchain tools and promised updates on their progress in securing the platform.
At the time of writing, the RIF token had seen a 22.4% drop in its price in the last 24 hours. Over seven days, the fall was an even steeper 47.7%, putting it almost 72% below its all-time high price of $0.2478, reached on November 18.
URO fared worse, with a drop of almost 26% in 24 hours. Its current price of $0.029 is 51% lower than a week ago and almost 80% below its all-time high (ATH), reached on the same day as RIF’s.