Jarett Dunn, AKA StaccOverflow, stole millions of dollars from a website called Pump Fun, and he wanted to do it in the most dramatic and theatrical way he could. His big heist is known as the “Stacc Attack”.
He has a merch store now freestacc.io.
Sponsors
Support for this show comes from Cobalt Strike. Cobalt Strike simulates real-world, advanced cyber attacks to enable red teams to proactively evaluate an organisation’s security readiness and defence response. Their Command and Control framework gives red teamers the ability to customise their engagements and incorporate their own tools and techniques, allowing you to stress-test specific parts of your incident response capabilities. Learn more about Cobalt Strike and get a custom demo at https://cobaltstrike.com/darknet.
Support for this show comes from Axonius. The Axonius solution correlates asset data from your existing IT and security solutions to provide an always up-to-date inventory of all devices, users, cloud instances, and SaaS apps, so you can easily identify coverage gaps and automate response actions. Axonius gives IT and security teams the confidence to control complexity by mitigating threats, navigating risk, decreasing incidents, and informing business-level strategy — all while eliminating manual, repetitive tasks. Visit axonius.com/darknet to learn more and try it free.
Support for this show comes from ThreatLocker®. ThreatLocker® is a Zero Trust Endpoint Protection Platform that strengthens your infrastructure from the ground up. With ThreatLocker® Allowlisting and Ringfencing™, you gain a more secure approach to blocking exploits of known and unknown vulnerabilities. ThreatLocker® provides Zero Trust control at the kernel level that enables you to allow everything you need and block everything else, including ransomware! Learn more at www.threatlocker.com.
Sources
- https://solana.com/news/02-25-23-solana-mainnet-beta-outage-report
- https://x.com/STACCoverflow/status/1791134470071865576
- https://www.coindesk.com/business/2024/05/16/solana-meme-coin-factory-pumpfun-compromised-by-bonding-curve-exploit/
- https://x.com/pumpdotfun/status/1791235050643636303
- https://cryptonews.com/exclusives/moonshot-vs-pumpfun-is-the-new-rival-as-secure-as-it-claims/
- https://decrypt.co/288345/pump-fun-attacker-withdraw-guilty
- https://decrypt.co/231807/solana-dev-hospitalized-burns-pump-meme-coin
- https://pump.fun/docs/moderation-message
- https://decrypt.co/293495/pump-fun-drops-livestreaming-controversy
Attribution
Darknet Diaries is created by Jack Rhysider.
Assembled by Tristan Ledger.
Episode artwork by odibagas.
Mixing by Proximity Sound.
Theme music created by Breakmaster Cylinder. Theme song available for listen and download at bandcamp. Or listen to it on Spotify.
Transcript
[START OF RECORDING]
JACK: The dumbest thing I ever bought — yeah, the dumbest thing I ever bought is a Canon DSL camera, 5D Mark II. Somewhere around 2007, I started getting into photography. DSLR cameras were just getting popular, and I wanted one, but I was too poor to afford it. I was obsessing over the Canon Rebel cameras, wishing I could have one, constantly looking at eBay to see what was out there, and every now and then, I’d find one undervalued, listed way below what it should be at. So, I bought the cheap one and I used it for a few days, and then sold it for more than I bought it. I did that three times, and eventually had enough money to get the camera for myself.