A meme coin launchpad has suffered a major security breach, with an insider allegedly siphoning off thousands of dollars worth of cryptocurrency.
Pond.fun, a platform built on Linea, lost 64.8 Ether in what appears to be an attack from within. The stolen funds, worth around $230,000 at current prices, were funneled through a privacy tool designed to obscure blockchain transactions.
Lead Engineer Accused Of Exploiting Access
According to reports, Genesis, the project’s lead software engineer, was the brains behind the attack. He drained liquidity pools using his privileged access, then sent the money via Railgun, a service that helps conceal blockchain activity, according to Pond.fun.
While many users employ Railgun to safeguard their financial privacy, hackers are also using it to hide their activities. Genesis made it more difficult to track down and retrieve the stolen Ethereum by utilizing Railgun.
1️⃣ https://t.co/nEexigW8vL has been hacked this morning. Do not interact with https://t.co/Lrt9ct9mtG in any capacity. It appears the exploiter is a software developer on the https://t.co/Lrt9ct9mtG team. Because of this, the efrogs and croak website are also at risk, pending…
— pond.fun (@ponddotfun) March 5, 2025
Users Warned To Avoid Platform
Following the attack, Pond.fun issued a warning to its community. Users were advised not to interact with the platform’s official website, as well as affiliated sites like Efrogs and Croak. The team fears that Genesis may have compromised these sites, posing additional risks to anyone who tries to access them.
However, Pond.fun reassured its community that its Discord and Telegram groups remain safe. While users can still communicate through these channels, the project itself is now in a difficult position as it works to contain the damage.
Blockchain Firms Step In To Track Funds
Pond.fun has hired Chainalysis and Elliptic, two blockchain analytics companies, to help stop the hacker from cashing out the stolen cryptocurrency. These companies have high-tech tools that can track down suspicious transfers and help find where the stolen ETH might end up.
Another Insider Attack Adds To Growing Security Concerns
This isn’t the first time an insider attack has rocked the crypto world. Just days before the Pond.fun breach, a developer at Infini, a stablecoin neobank, drained nearly $50 million after secretly retaining admin rights. That attack was carried out through Tornado Cash, another privacy tool frequently used by hackers.
Featured image from Gemini Imagen, chart from TradingView
