由于私钥泄露，闪贷攻击导致 Pump.Fun 损失 200 万美元的 SOL

Memecoin 启动板 Pump.Fun 今天成为漏洞的受害者，导致价值约 200 万美元的 SOL 被盗。攻击者利用该平台的服务账户提取 Raydium 的流动性，然后将其用于偿还闪贷并向 Solana 代币持有者捐赠资金。 Pump.Fun 团队升级了合约以防止进一步的损害，并强调用户钱包和烧毁的代币是安全的。

Pump.Fun Exploited for $2 Million in SOL Amidst Private Key Compromise

Pump.Fun 因私钥泄露而被利用，索取 200 万美元的 SOL

In a brazen cyberattack today, Pump.Fun, a memecoin launchpad platform, fell victim to a malicious flashloan exploit that siphoned away a staggering 12,300 SOL, valued at approximately $2 million.

在今天的一次无耻网络攻击中，memecoin 启动平台 Pump.Fun 成为恶意闪贷漏洞的受害者，该漏洞窃取了惊人的 12,300 SOL，价值约 200 万美元。

The sophisticated attack utilized flashloans, instantaneous loans designed to be borrowed and repaid within a single blockchain block, to drain funds from the platform. According to analysts, the exploiter was able to gain access to Pump.Fun's service account, which acted as a cosigner for all of the attacker's transactions, suggesting a possible private key compromise.

这次复杂的攻击利用了闪贷，即旨在在单个区块链区块内借入和偿还的即时贷款，以从平台中抽走资金。据分析人士称，攻击者能够访问 Pump.Fun 的服务帐户，该帐户充当攻击者所有交易的共同签名者，这表明可能存在私钥泄露。

Pump.Fun's service account is responsible for burning bonding curve liquidity to Raydium, a decentralized exchange, once a token has filled its bonding curve on Pump.Fun, allowing the token to commence trading on the open market. However, by accessing the service account through the compromised key, the hacker intercepted the liquidity meant for Raydium, used it to repay the flashloan, and donated the remaining funds to holders of various Solana tokens.

一旦代币在 Pump.Fun 上填满其联合曲线，Pump.Fun 的服务账户负责将联合曲线流动性燃烧至去中心化交易所 Raydium，从而允许代币开始在公开市场上进行交易。然而，通过泄露的密钥访问服务帐户，黑客截获了 Raydium 的流动性，用其偿还闪贷，并将剩余资金捐赠给各种 Solana 代币的持有者。

In response to the attack, the Pump.Fun team swiftly upgraded their contracts to prevent further damage. They have assured users that all wallets connected to the application remain secure, and any tokens previously burned to Raydium are unaffected. However, trading on Pump.Fun has been temporarily suspended, and tokens that were manipulated to migrate to Raydium via the exploit will remain in limbo for an indefinite period.

为了应对此次攻击，Pump.Fun 团队迅速升级了合同，以防止进一步的损害。他们向用户保证，连接到该应用程序的所有钱包都是安全的，之前烧录到 Raydium 的任何代币都不会受到影响。然而，Pump.Fun 上的交易已暂时停止，通过该漏洞操纵迁移到 Raydium 的代币将无限期地处于不确定状态。

Pump.Fun, a platform that empowers non-technical individuals to launch memecoins with minimal effort or expense, has seen explosive growth, enabling the launch of hundreds of tokens on Blast and Solana. According to DeFiLlama, the platform generated over $10 million in revenue last month alone.

Pump.Fun 是一个让非技术人员能够以最少的努力或费用推出 memecoin 的平台，该平台已经实现了爆炸性增长，使得在 Blast 和 Solana 上推出了数百种代币。据 DeFiLlama 称，该平台仅上个月就创造了超过 1000 万美元的收入。

The incident highlights the vulnerabilities that persist in the decentralized finance (DeFi) ecosystem, particularly around private key security and the potential for malicious flashloan exploits. As DeFi continues to gain popularity, the industry must prioritize robust security measures to safeguard user assets and maintain investor confidence.

该事件凸显了去中心化金融（DeFi）生态系统中持续存在的漏洞，特别是在私钥安全和恶意闪贷利用的可能性方面。随着 DeFi 的不断普及，行业必须优先考虑强有力的安全措施，以保护用户资产并维持投资者信心。