Jarret Dunn, also known by his online alias “STACCoverflow,” is on bail in the United Kingdom following his recent arrest. Dunn, a former employee of the Solana-based memecoin launchpad Pump.fun, was apprehended shortly after a significant exploit on the platform.
Admission and Details of the Exploit
On May 16, Dunn, through the STACCoverflow social media account, admitted to an attack on the Pump.fun platform that resulted in approximately $1.9 million in losses. Pump.fun corroborated this, stating that a former employee abused his position to withdraw funds and exploit the platform’s systems. According to the company, the ex-employee illegitimately accessed the withdrawal authority using their privileged position and employed flash loans on a Solana lending protocol.
Legal Proceedings and Charges
Following his confession, Dunn tweeted on May 18 that he had spent the previous night in custody. He revealed that Pump.fun had charged him with stealing $2 million and conspiring to steal an additional $80 million. Dunn noted that the company considered the total value locked (TVL) as their money in the charges against him. He urged users to withdraw their funds from the platform and disclosed that Baton Corp is the corporate entity behind Pump.fun.
Reports indicate that law enforcement tracked Dunn using his social media activity. His recent Instagram post placed him in London, and the timing of his posts on his STACCoverflow account coincided with his arrest.
Current Status and Health Issues
Following his release on bail, Dunn mentioned that he is currently in a hospital addressing mental health issues, which may render him unfit for a police interview. Despite this, he is required to stay in the United Kingdom until August 16, when he must report back to the police station.
Pump.fun confirmed the exploit and the involvement of an ex-employee in a statement, detailing the method used to carry out the attack. The company highlighted that the former employee had used flash loans on a Solana lending protocol to withdraw funds illegitimately.
This incident has raised significant concerns regarding internal security and the potential risks posed by privileged access within crypto platforms. Dunn’s case remains under investigation, with legal proceedings ongoing.