The alleged mastermind behind the Solana memecoin protocol pump.fun exploit has been apprehended in London. 

According to Blockworks, citing sources familiar with the operation, British authorities arrested Jarett Dunn, a former contractor known online as @STACCoverflow, in the early hours of May 18.

The arrest is said to have come following a meticulous 26-hour intelligence operation initiated by a third-party stakeholder who had hired a private intelligence firm. The operation leveraged social media posts and other publicly available information to track Dunn’s whereabouts in London.

Local operatives, or “auxiliaries,” were reportedly deployed in a massive search that eventually led them to the Middle Eight Hotel in Covent Garden. Dunn was found in a room at the hotel and taken into custody seven hours later. 

Interestingly, the timing of his arrest coincided with his last social media post on X, where he hinted at his identity with the username @STACCoverflow, a play on the French phrase “j’arrête” (meaning “I’m done”) and his real name, Jarett.

After his arrest, Dunn was released on bail, according to his own post on X and confirmation from the intelligence firm.

I am once again without any of my 2fa for a lil while. I spent overnight in custody as the pump team alleges I stole 2m of their Ill gotten gains with conspiracy to steal another 80m. /x https://t.co/D8CBjdB9nG

— free stacc (@jarettdunn) May 18, 2024

He is expected to remain in the UK until his court appearance, reportedly scheduled for August.

You might also like: Venezuela cracks down on crypto mining to tackle energy crisis

The pump.fun platform, which simplifies token launches on the Solana (SOL) network, was exploited on May 16, resulting in a loss of over 12,300 SOL valued at approximately $2 million at the time. 

The attacker used flash loans from Raydium, a Solana lending protocol, to carry out the exploit. Flash loans are decentralized finance (defi) tools that allow users to borrow large amounts of capital.

In this case, the attacker manipulated the pump.fun bonding curves, a mechanism that sets token prices based on supply.

By reaching 100% on these curves, the hacker accessed and withdrew liquidity meant for Raydium, then repaid the flash loan, making off with substantial profits.

Following the incident, pump.fun started working with law enforcement to investigate the breach.

https://t.co/uE2QNKXkIT coin migration issue post-mortemTL;DR:1. the https://t.co/uE2QNKXkIT contracts are safe. they have always been safe2. a former employee used their privileged position at the company to misappropriate ~12.3K SOL (~$1.9m)3. https://t.co/uE2QNKXkIT is…

— pump.fun (@pumpdotfun) May 16, 2024

Igor Igamberdiev, head of research at cryptocurrency market maker Wintermute, was among the first to suggest that an internal private key leak might have facilitated the hack. Subsequently, Dunn, under the alias @STACCoverflow, admitted his role in the exploit, posting a series of erratic tweets where he expressed a desire to “change the course of history” and openly discussed his mental health struggles and grief over his mother’s death. 

And now; Magick: everybody be cool, this is a r o b b e r y. What it do, staccattack? I'm about to change the course of history. n then rot in jail. am I sane? nah. am I well? v much not. do I want for anything? my mom raised from the dead n barring that: /x

— 🔥🪂staccoverflow ; j'arrête ; (@STACCoverflow) May 16, 2024

He also asserted that the stolen funds would be distributed to holders of various Solana tokens.

Dunn’s posts indicated that at least seven individuals were entitled to these payouts, though he did not provide specifics about the distribution process or deadlines.

His messages also suggested a motive driven more by emotional distress than financial gain.

Read more: NFT weekly sales drop 9% to $145m, Bitcoin leads despite downturn