Pump Science addresses security breach with apology and action

Pump Science, a decentralised science (DeSci) platform, has apologised for a security lapse that led to the creation of fraudulent tokens using its Pump.fun profile.

The incident occurred after a private key was accidentally exposed on GitHub, allowing an attacker to exploit the platform.

"We do not want to diminish how much of a screw-up this was; we totally acknowledge that this is a huge issue and misstep on our part," stated Benji Leibowitz, a representative of Pump Science, during an AMA session on November 27.

“We’re never gonna launch tokens on pump.fun ever again,” he added, assuring users that the platform would take steps to prevent similar incidents.

The breach enabled a “known attacker” to mint unauthorised tokens, including Urolithin B to E ($URO) and Cocaine ($COKE).

Pump Science urged users not to trust any new tokens from its compromised Pump.fun profile, which has been renamed “dont_trust” to deter further fraudulent activity.

The platform partially blamed BuilderZ, a Solana-based (CRYPTO:SOL) software firm, for leaving the private key in its GitHub repository, mistakenly believing it was a test wallet.

Pump Science also suspects the attack may be linked to a previous hack involving James Pacheco, co-founder of Solana-based elmnts.

To address the issue, Pump Science has partnered with blockchain security firm Blockaid to monitor and flag suspicious activity.

The platform announced plans for a full audit of its app and smart contracts and introduced a bug bounty program to strengthen security protocols.

Pump Science specialises in trading tokens related to longevity medicines, including Rifampicin ($RIF) and Urolithin A ($URO), with market caps of $85.6 million and $37.2 million, respectively.