基于 Solana 的代币发行平台 Pump.Fun 被黑客攻击损失 200 万美元

Pump.Fun 是一个基于 Solana 的代币发行平台，已成为利用闪贷的攻击的受害者，造成约 200 万美元的损失。攻击者利用闪贷操纵平台的联合曲线合约，以获得足够的 SOL 来买断 Pump.fun memecoins 的联合曲线，从而导致财务损失。 Pump.Fun 已承认此次违规行为并实施了安全措施，暂停了所有交易活动以防止进一步的利用。该团队已向用户保证 TVL 和连接的钱包仍然安全，而 Raydium 上的加密流动性据报道不受影响。

Solana-Based Token Launch Platform Pump.Fun Exploited, Incurring $2 Million Loss

基于 Solana 的代币发行平台 Pump.Fun 被利用，造成 200 万美元损失

New York, New York - May 16, 2024 - Pump.Fun, a Solana-based platform designed for launching crypto tokens, has fallen victim to a sophisticated exploit, resulting in the loss of approximately $2 million.

纽约州纽约 - 2024 年 5 月 16 日 - Pump.Fun 是一个基于 Solana 的平台，旨在推出加密代币，该平台已成为复杂漏洞的受害者，导致约 200 万美元的损失。

The attack, which exploited the platform's bonding curve contracts, was perpetrated through the use of flash loans, a technique that allows borrowers to acquire substantial sums of money without collateral, on the condition that the funds are repaid within the confines of a single transaction.

这次攻击利用了该平台的联合曲线合约，通过使用闪电贷进行攻击，这种技术允许借款人在没有抵押品的情况下获得大笔资金，条件是在单笔交易的范围内偿还资金。

By leveraging flash loans, the perpetrator gained sufficient SOL tokens to purchase the bonding curves for Pump.Fun's "memecoins," causing significant financial losses for the platform.

通过利用闪电贷，犯罪者获得了足够的 SOL 代币来购买 Pump.Fun 的“memecoins”的联合曲线，给平台造成了重大财务损失。

Igor Igamberdiev, the head of research at Wintermute, disclosed that the company incurred a loss of approximately 12,300 SOL, amounting to approximately $2 million.

Wintermute 研究主管 Igor Igamberdiev 透露，该公司损失约 12,300 SOL，约合 200 万美元。

Pump.Fun acknowledged the breach via a statement on X (formerly Twitter), declaring, "We have confirmed that the Pump.Fun bonding curve contracts have been compromised, and we are diligently investigating the incident."

Pump.Fun 通过 X（前 Twitter）上的一份声明承认了这一违规行为，并宣称：“我们已经确认 Pump.Fun 联合曲线合约已被泄露，我们正在认真调查这一事件。”

In a reassuring measure, the team emphasized that it has implemented updates to its contracts to mitigate the risk of further exploitation and that both the platform's total value locked (TVL) and connected wallets remain secure.

令人放心的是，该团队强调，它已经对其合约进行了更新，以降低进一步利用的风险，并且该平台的总价值锁定（TVL）和连接的钱包都保持安全。

In response to the attack, Pump.Fun has temporarily suspended all trading activities on the platform. The team emphasized, "We have ceased trading operations, prohibiting the purchase and sale of all tokens. Any coins currently undergoing migration to Raydium will not be tradable for an indefinite duration."

为应对此次攻击，Pump.Fun已暂时停止平台上的所有交易活动。该团队强调，“我们已经停止了交易操作，禁止购买和销售所有代币。目前正在迁移到 Raydium 的任何代币都将无法无限期地进行交易。”

It is important to note that encrypted liquidity on Raydium is unaffected and remains secure, the company added.

该公司补充说，值得注意的是，Raydium 上的加密流动性不受影响并且仍然安全。

The exploit highlights the persistent risks associated with decentralized finance (DeFi) platforms and underscores the need for robust security measures. As the DeFi sector continues to expand, it is imperative that platforms prioritize the implementation of comprehensive safeguards to protect user assets and maintain trust within the ecosystem.

该漏洞凸显了与去中心化金融（DeFi）平台相关的持续风险，并强调了强有力的安全措施的必要性。随着 DeFi 领域的不断扩张，平台必须优先实施全面的保障措施，以保护用户资产并维持生态系统内的信任。