
Pump.fun X hack reveals security concerns at critical juncture for memecoins

Hackers gained access to the memecoin platform Pump.fun’s X account on Feb. 26, raising questions about security at a crucial time for memecoins and the crypto industry as a whole.

The platform has since regained control over its X account. Pump.fun said that it’s unlikely any of its staff are at fault as it followed “industry best-practices, and focused on minimizing the risk of such an event occurring.”

According to blockchain sleuths like ZachXBT, the attack on the platform may have been perpetrated by the same hackers responsible for other similar exploits. 

While the Pump.fun incident came to a quick close with next to no damage done, memecoins are under increased scrutiny, and security issues are at the forefront of the blockchain industry’s mind.

Hackers posted a link for a fake governance token. Source: ZachXBT

Pump.fun hackers also responsible for Jupiter DAO and DogWifCoin

After gaining access to Pump.fun’s X account, the hackers were quick to offer a fake governance token to potential marks, stating that “democracy has never been this degen.”

The account breach was quickly flagged by blockchain investigator and analyst ZachXBT, who warned users to stay away from the X page and not interact with any links on the page. 

He also traced the hackers back to previous incidents of compromised X accounts, namely those of Solana-based decentralized exchange (DEX) aggregator Jupiter DAO and memecoin DogWifCoin.

Connecting the address used by phishers on Pump.fun’s page to other hacks. Source: ZachXBT

ZachXBT said, “Notably for these attacks it is likely not the fault of either the Pump Fun or Jupiter teams.” 

In its explanatory X post after restoring access to its account, Pump.fun detailed the various security measures it takes. It said that no messages were sent to the email associated with the account regarding changes to two-factor authentication (2FA), email, passwords or delegation. 

The platform also claimed it had a number of other safeguards in place, like physical 2FA backups, regularly changing unique and complex passwords, and not having its 2FA connected to any email addresses. 

Pump.fun’s latest post regarding the incident said it would “continue to monitor the situation and analyze any scenarios that could have taken place and report if there are any updates.”

The hack of Pump.fun’s social media is just the latest in an all-too-common trend of phishing attacks on prominent cryptocurrency-related social media accounts or even the institutions themselves. 

Cryptocurrency exchange Bybit was the victim of a phishing attack in which North Korean hacker group Lazarus was able to steal over $1.4 billion in Ether (ETH). A Chainalysis report following the incident found that the hacker’s chosen attack vector was a phishing campaign targeting the exchange’s cold wallet signers. This allowed them to gain access to Bybit’s user interface and replace a multisignature wallet contract with their own malicious version.

Memecoins involved in high-profile exploits and scandals

Memecoins — which launch quickly amid a furor of investors aiming to make a quick buck before disappearing just as fast — have become a prime target for phishing attacks, exploits and scandals.

As Cointelegraph reported on Feb. 10, a number of crypto data aggregators listing the Central African Republic (CAR) memecoin were directing users to phishing sites.

Phishing links on the token’s Telegram channel. Source: Scam Sniffer

This was particularly problematic as Central African Republic President Faustin-Archange Touadéra seemed to give the token a nod of approval. He had posted on X that the government launched the token to “unite people, support national development, and put the Central African Republic on the world stage in a unique way.”

At publishing time, the project’s X account is still suspended. 

Furthermore, ZachXBT has linked Lazarus to a number of recent Solana memecoin scams, including rug pulls, on Pump.fun itself: “I made 920+ addresses receiving funds tied to the Bybit hack public and noticed a person laundering for Lazarus Group previously launched meme coins via Pump Fun.”

Memecoin scandals have also reached as far as the presidential office of Argentina. 

Earlier in February, the launch of memecoin LIBRA, which allegedly included sniping by founders — i.e., a form of insider trading — implicated Argentine President Javier Milei. The politician promoted the token on X before deleting his post when the price came crashing down. 

While there were no cyberattacks involved in the LIBRA incident, it draws attention to the unregulated and “Wild West” nature of the memecoin market.

Regulators take aim at memecoins

Memecoin market activity has already caught the attention of regulatory agencies worldwide. On Feb. 20, the US Securities and Exchange Commission announced it was creating a new group to fight cyber misconduct, including fraud involving crypto.

Elizabeth Davis, partner at the law firm Davis Wright Tremaine and an ex-Commodity Futures Trading Commission (CFTC) chief trial attorney, said that the CFTC could oversee memecoins in the future.

She previously told Cointelegraph, “There has been an increasing focus on retail market participants, and the CFTC is focused on protecting market participants from fraud and manipulation, and this would include the retail population who are the most likely to use memecoins.”

Even regulators in Dubai, who have usually taken a progressive approach to cryptocurrencies, have issued a warning about memecoin risks. “Many such assets lack intrinsic value and derive their pricing from social media trends, hype, or misleading promotional strategies,” said the Virtual Assets and Regulatory Authority. It further stated that memecoins issued under its jurisdiction must adhere to the law. 

Recent incidents and increased scrutiny have even prompted Pump.fun’s anonymous founder to suggest that the industry needs “guardrails.” These included better user education, onboarding and taking user protection “more seriously.”

Throughout the history of crypto, memecoins have fallen in and out of trend. Regulators are clearly gearing up to tackle them during this cycle and the next. At the time of writing, memecoin popularity has reached its lowest level since January, and some believe it won’t rise back up.

Waves DeFi protocol founder Sasha Ivanov told Cointelegraph Magazine:

“This extractive economy cannot be very stable, and it’s going to be short-lived, so it will last maybe for half a year more, and then we will see something else.”
