Pump Science, a decentralized science (DeSci) platform, has issued a public apology after a major security incident where its private key was inadvertently leaked on GitHub. This exposed key allowed a hacker to create fraudulent tokens under the platform’s Pump.fun profile, including tokens such as Urolithin B and Cocaine. The attack has raised significant concerns, as users were misled into believing the fraudulent tokens were legitimate creations from the platform. The company openly acknowledged the mishap, with Benji Leibowitz, a representative of Pump Science, stating during an AMA session on Nov. 27 that this was a significant mistake.
In response to the breach, Pump Science acted quickly to mitigate the damage by renaming its Pump.fun profile to “dont_trust” in order to warn users about the compromised address. The company also clarified that the fraudulent tokens were not created by their team and advised the community not to trust any new tokens launched from the compromised wallet. To enhance security moving forward, Pump Science has partnered with blockchain security firm Blockaid, which is actively flagging any new tokens minted from the affected address.
Pump Science partly blamed the Solana-based software firm BuilderZ for leaving the private key exposed in its GitHub codebase. The company clarified that the private key, which had been assumed to belong to a test wallet, was linked to the developer wallet and left unprotected. However, the DeSci platform emphasized that the attacker could not have been BuilderZ, as the method used to mint tokens on the Solana chain did not align with the firm’s processes. There are also suspicions that the hacker behind this breach might be the same person or group responsible for a previous attack on a wallet owned by James Pacheco, a founder at Solana-based commodity tokenization platform elmnts.
Looking ahead, Pump Science has committed to conducting a thorough audit of its platform and will be implementing stronger security measures. As part of its efforts to restore user confidence, the platform plans to run a bug bounty program for penetration testing and will ensure that all future token releases undergo full audits before launching. Pump Science’s proactive approach aims to improve its security practices and prevent similar incidents from occurring in the future. The platform is hopeful that these measures will be in place by the holidays to protect users and maintain the integrity of its operations.
Reference:
