Pump.science Private Key leaked 'fake coin harvesting retail investors', the inside story of the crash event.

Recently, a major security incident occurred on the pump.science platform, which led to the leak of its WalletPrivate Key, which in turn caused a storm related to fake coinissuance. This article will delve into the background, impact, and implications for the community. The DeSci Decentralization science track is hot, but does it really need meme coins? (Background added: CZ makes a rare statement: not against the development of meme coins, but the current trend is a bit strange.. On the evening of November 25, it was tagged on pump.fun as the Addressissuance Urolithin B (URO) Token of RIF and URO creators, which led many community members to mistakenly believe that it was the official issuance token of pump.science. Urolithin B (URO) quickly "graduated" and within two minutes of joining the Liquidity pool, its Market Cap soared to $10 million, but then began to decline, and the Market Cap has now fallen back to about $100,000. The event also appears to have had an impact on the market performance of Urolithin A (URO) and Rifampicin (RIF), both of which fell more than 30% in 24 hours. So, what's going on here? Leaked pump.science Wallet key pair The cause of the incident was a leak of pump.science's Wallet key pair. According to pump.science, due to an oversight in the GitHub repository, WalletAddress T5j2UBTvLYPCwDP5MVkSALN7fwuLFDL9jUXJNjjb8sc was attacked, and the attacker found the key pair in the website's source code. The key pair was originally used for testing purposes in pump.science's GitHub, and the development team didn't realize its importance. From the scam URO Token page that appeared in pump.fun last night, it can be seen that the WalletAddress that deployed this fake token is T5j2UBTvLYPCwDP5MVkSALN7fwuLFDL9jUXJNjjb8sc. According to the pump.fun platform, this address has deployed two official tokens, Urolithin A (URO) and Rifampicin (RIF), in off-chain, and the current Market Cap is about $87 million and $37 million, respectively. The scam URO Token was caused by the leaked key pair T5j2UBT beginning with an address in on-chainissuance. This is exactly why it will be shown on the pump.fun that it is the deployer of the official URO and RIF Token that has released the new coin. Pump.science said that the Wallet is the off-chainToken creator marked as URO and RIF on the pump.fun, and attackers may exploit the Walletissuance for more tokens, and any other tokens used by this Walletissuance in addition to URO and RIF should be considered fraudulent. It is worth noting that pump.science officially did not take any remedial or compensation measures against those users who misbelieved and dumb bought to scam URO Token, which caused widespread follow-up and heated discussions in the community. pump.fun off-chain creation function causes confusion in the display of the Block chain browser and data tools, and the community is also suspicious of the pump.fun and Block chain browsers and the token creator display in the data tool. pump.science Official URO and RIF Tokens are created on off-chain via pump.fun, while scam URO is created on on-chain via pump.fun. However, the Block chain browser solscan shows that the deployer addresses of Urolithin A (URO) and Rifampicin (RIF) are: BLDRZQiqt4ESPz12L9mt4XTBjeEfjoBopGPDMA36KtuZ. Next, let's first understand the off-chain coin function of pump.fun. On the pump.fun platform, off-chain coins are free, and tokenissuance is not immediately on-chain until the first purchaser appears. And the first purchaser needs to pay the token's issuance cost. Therefore, for tokens created by off-chain, the first purchaser is usually mistaken for the deployer of the token by data tools such as the block chain browser solscan or GMGN. For example, after the official URO and RIF Tokens were established on off-chain, the first purchaser's WalletAddress BLDRZQiqt4ESPz12L9mt4XTBjeEfjoBopGPDMA36KtuZ was incorrectly marked by solscan or GMGN as a token deployer. Here, the author reminds investors that when investing in Meme Token, pay attention to distinguishing between tokens established in pump.fun on-chain and off-chain and verify them to prevent falling into the trap of fraud. Also, be wary of any potential Walletissuance tokens leaked by pump.science that start with T5j2UBTvLY. At the same time, we also hope that platform parties and token deployers can strengthen security measures to prevent the recurrence of such fraudulent behaviors. Related Stories What do VCs think of the current meme coin frenzy? How long can Meme go this cycle Bitrace Launches Web3 Anti-Fraud Complete Handbook: 6 Extreme Scams Lurk On-chain Beware! Netizens used ChatGPT to develop Cryptocurrency Speculation robot "buried back door", Private Key leaked Wallet was instantly emptied "Pump.science Private Key leaked "fake coin harvesting retail investor", the inside story of the crash This article was first published in the moving area BlockTempo " Dynamic Trend - The Most Influential Block Chain News Media".