The decentralized science (DeSci) platform Pump Science recently disclosed a breach involving the creation of fake tokens following a private key leak on GitHub. This incident allowed an attacker to generate fraudulent tokens, including Urolithin B to E (URO) and Cocaine (COKE), using the compromised Pump.fun account.
The breach occurred on November 25, when the wallet associated with Pump.fun, identified as T5j2UBTvLYPCwDP5MVkSALN7fwuLFDL9jUXJNjjb8sc, was compromised. The root cause was traced back to the Solana developers at BUILDERZ, who mistakenly included the private key in the open-source code on GitHub. Believing the exposed key belonged to a test address, the developers inadvertently made it accessible. This oversight was exploited by the attacker, who used the wallet to issue unauthorized tokens under the platform’s name.
In response, Pump Science announced that the compromised wallet would no longer be in use. The platform has committed to a series of audits targeting the Solana interface and related programs to ensure enhanced security. Additionally, a reward program aimed at testing the platform’s security measures is expected to be introduced soon.
Legitimate Tokens and Impact on Value
Before the breach, Pump Science had only issued two legitimate tokens: Rifampicin (RIF) and Urolithin A (URO). Rifampicin is an antibiotic commonly used to treat tuberculosis, while Urolithin A is under investigation for its potential to enhance mitochondrial function and support muscle health.
Following the attack, the values of these tokens experienced a sharp decline, with prices dropping by over 25%. This market impact highlights the sensitivity of token-based platforms to security vulnerabilities and the trust required for their sustained success.
Pump Science’s Vision and the Road Ahead
Pump Science specializes in creating tokens linked to longevity medicine research. Describing itself as a gamified research initiative, the platform enables token holders to acquire intellectual property rights related to chemical compound studies. This unique model positions Pump Science as an innovative player in the decentralized science ecosystem, blending blockchain technology with cutting-edge medical research.
Despite this setback, the platform aims to reinforce its security infrastructure to prevent similar incidents in the future. By conducting rigorous audits and offering incentives for security testing, Pump Science intends to rebuild confidence among its community and stakeholders.
This breach underscores the critical importance of safeguarding private keys and ensuring robust security protocols, particularly for platforms operating in blockchain-based environments. As Pump Science moves forward, its efforts to address vulnerabilities and restore trust will likely determine its resilience and long-term success in the DeSci landscape.