Quadriga Initiative Logo.png

QUADRIGA INITIATIVE

CRYPTO WATCHDOG & FRAUD RECOVERY PLATFORM

A COMMUNITY-BASED, NOT-FOR-PROFIT

$230 000 USD

MARCH 2025

GLOBAL

POND.FUN

DESCRIPTION OF EVENTS

Pond.fun is a platform designed to help prevent short-term "rug pulls" in the crypto space by encouraging token creators to build sustainable, engaged communities. The process begins by creating a community-focused token with a name, symbol, and description. Once launched, the token is traded on decentralized exchanges (DEXs), and its success is determined by the strength of its community. The more active and engaged a community is, the higher its token's presence and ranking on Pond.fun, helping ensure long-term success and growth.

 

According to reports, Genesis, the project’s lead software engineer, was the brains behind the attack. He drained liquidity pools using his privileged access, then sent the money via Railgun, a service that helps conceal blockchain activity, according to Pond.fun.

 

$145k from 64.8 ETH? Or $230k elsewhere.

 

"According to Pond.fun's official disclosure, the Linea-based meme coin launchpad Pond.fun was hacked this morning. Initial on-chain and off-chain evidence suggests that Pond.fun’s lead software engineer was behind the attack. The attacker drained liquidity from the Pond.fun smart contract and sold off the project tokens."

 

Following the attack, Pond.fun issued a warning to its community. Users were advised not to interact with the platform’s official website, as well as affiliated sites like Efrogs and Croak. The team fears that Genesis may have compromised these sites, posing additional risks to anyone who tries to access them.

 

However, Pond.fun reassured its community that its Discord and Telegram groups remain safe. While users can still communicate through these channels, the project itself is now in a difficult position as it works to contain the damage.

 

The stolen funds, worth around $230,000 at current prices, were funneled through a privacy tool designed to obscure blockchain transactions.

 

Pond.fun has hired Chainalysis and Elliptic, two blockchain analytics companies, to help stop the hacker from cashing out the stolen cryptocurrency. These companies have high-tech tools that can track down suspicious transfers and help find where the stolen ETH might end up.

 

The team is actively working with Chainalysis, Elliptic, and the Linea network to trace the stolen funds and gather evidence. This includes analyzing on-chain activity and attempting to prevent the attacker from passing privacy checks like Proof of Innocence (POI).

 

There may be ongoing efforts to recover funds or pursue accountability, especially if identity and evidence against Genesis are further established.

 

Explore This Case Further On Our Wiki

Pond.fun is a crypto platform aimed at preventing short-term rug pulls by promoting sustainable, community-driven token launches on decentralized exchanges. However, the platform recently suffered a major insider attack, allegedly carried out by its lead software engineer, Genesis, who exploited privileged access to drain liquidity pools and steal 64.8 ETH—worth approximately $230,000. The stolen funds were funneled through the privacy protocol Railgun to obscure the transactions. In response, Pond.fun warned users to avoid its website and affiliated platforms, while confirming that Discord and Telegram remain secure. The team has partnered with blockchain analytics firms Chainalysis and Elliptic and is working with Linea to investigate the breach, trace the funds, and prevent the attacker from laundering or cashing out the stolen assets.

Pond.fun Chief Engineer Steals Liquidity and Transfers 64.8 ETH - PA News Lab (Apr 29)
Pond.fun - "http://Pond.fun has been hacked this morning. Do not interact with http://pond.fun in any capacity. It appears the exploiter is a software developer on the http://pond.fun team. Because of this, the efrogs and croak website are also at risk, pending further security review. Discord and Telegrams are still secure." - Twitter/X (Apr 29)
Pond.fun - "This ensures Genesis is fully removed from the http://Pond.fun page. We’re also running DNS tests to confirm everything works smoothly." - Twitter/X (Apr 29)
https://cryptonews.com/news/pond-fun-hacked-by-insider-chainalysis-and-elliptic-tapped-to-block-funds-withdrawal/ (Apr 29)
Pond.fun hacked by insider; Chainalysis and Elliptic tapped to block funds' withdrawal (Apr 29)
Meme Coin Platform Pond.fun Loses 65 ETH In Insider Job (Apr 29)
https://www.bitget.com/news/detail/12560604619935 (Apr 29)
pond.fun was attacked by internal personnel, and 64.8 ETH has been transferred to a privacy protocol - ChainCatcher (Apr 29)
One Of The Theft Transactions - Etherscan (Apr 29)

Sources And Further Reading

More case studies

Zoth mintWithStable Loan To
Value Logic Flaw Exploited

1Inch Resolve Order Suffix
Integer Overflow Vulnerability

 For questions or enquiries, email info@quadrigainitiative.com.

Get Social

  • email
  • reddit
  • telegram
  • Twitter

© 2019 - 2025 Quadriga Initiative. Your use of this site/service accepts the Terms of Use and Privacy Policy. This site is not associated with Ernst & Young, Miller Thompson, or the Official Committee of Affected Users. Hosted in Canada by HosterBox.