PANews reported on November 26 that Pump Science published a post on the X platform saying that the T5j2U.....b8sc wallet in its GitHub repository was exploited by the attacker. The attacker found the wallet's keypair in the source code of its website. The keypair was placed in Github for testing purposes from the beginning. The development team initially thought that the relevant information was not important. However, there was an oversight, that is, the wallet address was marked as the off-chain token creator of URO and RIF on pump.fun. The reason for this oversight was that the on-chain history showed that BLDRZ....6KtuZ was the first wallet to purchase URO and RIF at the same time, and was therefore regarded as the token deployer on all other trading applications.
Pump Science added that the wallet information of T5j2U.....b8sc, which launched URO and RIF on pump.fun, has been hacked, and the attacker may try to launch more tokens. Pump Science reminded that all other tokens launched in connection with it should be regarded as scams, and reiterated that its team is currently only launching URO and RIF, and any subsequent launch of new tokens will be announced through its official channels.