152: Stacc Attack

53m

Jarett Dunn, AKA StaccOverflow, stole millions of dollars from a website called Pump Fun, and he wanted to do it in the most dramatic and theatrical way he could. His big heist is known as the “Stacc Attack”.

https://x.com/STACCoverflow

He has a merch store now: freestacc.io.

Sponsors

Support for this show comes from Cobalt Strike. Cobalt Strike simulates real-world, advanced cyber attacks to enable red teams to proactively evaluate an organisation’s security readiness and defence response. Their Command and Control framework gives red teamers the ability to customise their engagements and incorporate their own tools and techniques, allowing you to stress-test specific parts of your incident response capabilities. Learn more about Cobalt Strike and get a custom demo at https://cobaltstrike.com/darknet.

Support for this show comes from Axonius. The Axonius solution correlates asset data from your existing IT and security solutions to provide an always up-to-date inventory of all devices, users, cloud instances, and SaaS apps, so you can easily identify coverage gaps and automate response actions. Axonius gives IT and security teams the confidence to control complexity by mitigating threats, navigating risk, decreasing incidents, and informing business-level strategy — all while eliminating manual, repetitive tasks. Visit axonius.com/darknet to learn more and try it free.

Support for this show comes from ThreatLocker®. ThreatLocker® is a Zero Trust Endpoint Protection Platform that strengthens your infrastructure from the ground up. With ThreatLocker® Allowlisting and Ringfencing™, you gain a more secure approach to blocking exploits of known and unknown vulnerabilities. ThreatLocker® provides Zero Trust control at the kernel level that enables you to allow everything you need and block everything else, including ransomware! Learn more at www.threatlocker.com.




Transcript

The dumbest thing I ever bought

Yeah, the dumbest thing I ever bought is the Canon DSL camera, 5D Mark II. Somewhere around 2007 I started getting into photography.

DSLR cameras were just getting popular and I wanted one, but I was too poor to afford it.

I was obsessing over the Canon Rebel cameras, wishing I could have one, constantly looking at eBay to see what was out there, and every now and then I'd find one undervalued, listed way below what it should be at.

And so I bought the cheap one and I used it for a few days and then sold it for more than I bought it. I did that three times and eventually had enough money to get the camera for myself.

Basically, it was a free Canon Rebel. And I used the crap out of it.
I probably took thousands of photos with it. I shot models sometimes, but my favorite was architecture.

I especially love derelict or abandoned buildings. And after a year of taking all these photos, Canon was launching a new camera, the 5D Mark II.
Oh, how I started wishing I could get that.

And for some reason, I just couldn't resist. And I pre-ordered it.
The thing cost $2,500.

And it was absolutely something I could not afford at the time. But I thought it was my ticket to becoming a professional photographer.

So I spent every last penny I had on it and even went into debt to buy it. Oh, it was amazing.
Full-frame sensor. It took perfect photos.
But here's the problem.

I felt this thing was way too expensive to take anywhere. Like, if I'm walking around in abandoned buildings with thousands of dollars in camera gear around my neck, I might get robbed.

And if it got scratched, I would have cried. So I never took that camera anywhere and brought my cheaper one with me instead.
The one I didn't mind if it got broke or stolen.

But this changed my whole relationship with photography after that. I had all this camera gear, and because I was too afraid to use it, I didn't shoot much at all.

I realized my dreams of being a pro photographer were done, and it was a dumb idea to buy this thing. I don't know what I was thinking at the time, so I tried selling it.

But the thing is, selling something that expensive is tricky, you could easily get scammed or robbed, and it was very nerve-wracking.

On top of that, nobody was really buying these super high-end cameras, so I ended up selling it for way less than what I paid for it.

Now, I say that was the dumbest thing I bought because yesterday I bought something way dumber.

These are true stories from the dark side of the internet.

I'm Jack Rhysider.

This is Darknet Diaries.

This episode is sponsored by Cohesity. For security and IT leaders, resilience isn't recovery alone.
The pressure never lets up.

Be it from cyber criminals, nation-state threats, or boardroom scrutiny, weakness cannot be found. But Cohesity makes sure you are ready for the midnight alerts and prepared for the morning reviews.

In a relentless world of cyber threats, resilience is more important than ever.

With Cohesity, you can secure and protect your company's entire data estate with a single platform, reduce your risk from threat actors, and quickly respond and recover from destructive cyber attacks.

Cohesity's protection is comprehensive, proactive threat detection and classification with multiple feeds, AI ML, zero-day detection, and 230-plus patterns across 12-plus global regulations.

And most importantly, Cohesity is reliable. They provide some of the fastest possible restores, rapidly recovering thousands of VMs backed by immutable, strictly consistent data copies.

This is why Cohesity is trusted by 70% of the global 500. Discover how leaders stay resilient at cohesity.com slash resilience everywhere.
That's Cohesity, spelled C-O-H-E-S-I-T-Y.

Cohesity.com slash resilience everywhere.

This episode is sponsored by Arctic Wolf. AI is reshaping industries, transforming how we solve problems, and challenging ethical boundaries.

As with all powerful tools, though, its impact depends not just on what it can do, but on how we choose to use it.

In Arctic Wolf's new report called Navigating the Human-AI Relationship for Security Operation Success, you'll gain exclusive insights from nearly 2,000 global organizations.

Discover how they're leveraging advanced technologies and partnerships with their people to set their security posture up for success.

Learn which industries are leading the way in terms of AI adoption and which are lagging behind. See how fears of additional risk introduction and spiraling costs are influencing AI adoption.

Understand how different global regions view the capabilities of AI-informed technology for breach response.

And that's only a fraction of the essential information waiting for you in navigating the human-AI relationship for security operation success.

Download your copy today at arcticwolf.com/darknet. That's arcticwolf.com/darknet.

Yeah, all right. So let's start at the beginning here.
Um, first of all, what do you want to uh, what do you want to be known for as if I call you names? Uh,

Yeah, it's fine. Jarett Dunn works.
Um, I'm all over the internet, and I'm not, I'm fully doxxed. It's, it's perfectly fine.

Um, and then, uh, if not, then, uh, most people would know me as that, I guess, or StaccOverflow.

I'm gonna jump to the chase for you right now. Jarett, aka Stacc, executed a wild and astonishing robbery.

He stole millions of dollars in cryptocurrency, which is why I call this episode Stacc Attack. But his grand heist is so different that it had me questioning far more than stolen money.

It cracked open a door that I didn't even know was there, leading me through a maze of questions that I'm still trying to find my way through.

And it's also a story I think a dozen people have told me to look into at this point. Have you heard of meme coins?

They're like jokes, but in the form of cryptocurrency, they're really weird and nobody seems to understand why they have any value at all. Yeah, there's no inherent value.

The whole pitch is that there is no pitch. And you might say, oh, I would never buy something with no value.
Oh, yeah.

Then are you saying you never bought name brand clothes or food or medicine?

The store brand, ibuprofen, has the exact same ingredients as the Advil brand, and it's just as effective and is honestly the exact same product.

Yet people still prefer the Advil brand, even though it costs twice as much. And that's marketing for you.
That's storytelling for you.

Stories alone give value and meaning to otherwise meaningless or valueless things. So anyway, people are buying cryptocurrencies simply as a joke, almost like they're laughing at themselves.

Like they know they're buying a meme coin and it's a stupid idea, but they're like, yeah, let's do that. And then they feel stupid even after doing it.
It's very strange.

Now, are you, are you into, like, do you like crypto and NFTs? Or is this like something you're just like poking at and making fun of and being like, what idiots are buying all this stupid stuff?

I should, I guess, give a lot of context. I'm bad at context.

It's raging autism. So

I've been in crypto since maybe 2011 or 12. I used to make YouTube videos.
The intro I used to give was I have lost multi-millions many times over and I'm still here grinding now.

I've kind of fallen disillusioned now. I used to really believe in the revolutionary aspect of this entire thing and kind of separation of finance and state and all that kind of stuff.

And I was very much on board with causing a lasting change, I guess.

But I've kind of been disillusioned and I'm not really sure where I fit in a spectrum of a believer or not these days, because it pays the bills.

However, I have this looming court case, and so I don't really know where I stand. I'm a developer.
I'm not a very great developer.

Somebody recently described me as a Sephard programmer, but I don't believe. So

I connect dots really well. And I've contributed, I guess, to Bitcoin, Ethereum,

I contributed heavily to Steam, and I was actually a block producing witness on a bunch of sidechains. I believe I've been around with EOS for a while.
I went to Wax.

Wax is a gaming chain, you know, it's like an EOS fork, like very close to EOS. And then the thing is, Solana is built different, and they really do tailor the entire thing

to welcome and promote new developers. And so once I found Solana, I kind of found a place for myself, I guess.
So he's contributed to the development of many cryptocurrency projects out there.

And it was Solana, the fifth largest cryptocurrency that he felt most at home in. And he put his focus there.

But one thing Jarett just can't help doing is looking for bugs in the code that can be exploited for money.

Because if a bug is present in a crypto project, it could result in catastrophic losses for everyone involved.

The bug hunting, I'm trying to get a square understanding of this because are you looking for bugs and then reporting them so they get fixed, or are you looking for bugs and then exploiting them?

So I will tell you, I have in the past reported any number of bugs that have gone on deaf ears. Reported bugs all over the place.
So I reported a bug to Rabian and Orca Whirlpools at one point.

Orca dismissed it as out of scope because they don't support that particular program, I guess. I don't know why.

And then also Rabian, they got all the DVMs and basically said there's nothing we could do to prevent good market behavior.

So

that's

that kind of wall you hit. In short, no, I usually try to report these things.
In total, I've been paid, I think, two bug bounties that are significant.

Jarett claims that he had information about FTX's downfall before it became public.

FTX was a huge crypto exchange that was discovered to be mismanaging its money and lying about it, and the founder ended up going to jail. A lot of people lost a lot of money because of it.

And Jarett tried to warn his government by telling them to look into FTX.

In November 2022, I withdrew my re-application to Canadian Forces, hoping to bring my concerns to the right people about FTX, perhaps make a difference.

However, the recruitment process took too long, and by the time I withdrew my application, damage had already been done in the rotary crypto ecosystem.

Knowing now that should I ever be left in a moral conundrum with hundreds of millions in user funds at risk, surely leading to another bloodbath of worldwide suicides, the only way to be heard is through dramatic and impactful action.

Because without a theatrical display, nobody ever really listens.

He wished he could have been more dramatic and theatrical to warn people about the FTX collapse?

That makes me wonder what he's thinking here. Like, what does it mean to be more theatrical about warning people? What do you consider yourself?

Are you, uh, trying to make things better? Are you securing the internet to the crypto? Are you evangelizing it? Or are you sticking your finger in someone's eye?

I really wish I, I knew. I really wish I knew. If I knew, I would have some kind of idea.

Even in 2023, you didn't have a clear direction?

No, not at all. In 2023, that was, that was, that was the first, that was the first anniversary after my mom's death. The 25th there, when they put the release, that outage report, I was, uh, very deep into grief.

How did your mom die?

She was, uh, marcine

uh candida Canada killed her.

She fell and broke a hip and she was inoperable, so they put her out of her misery.

Oh my gosh,

that must have been so sudden and surprising. Yes, it was.

So she was already on out of we knew we knew she was on the way out and it's a very long story, but it is what it is and it's probably for the better.

I just still struggle with, it's been on very important days of the year. I struggle.
Jarett had a hard time coping with the death of his mother. He loved her dearly.

She was everything to him, but it was a complicated relationship. I read his psychiatric report.
It said she had her own mental health issues and would do crazy things like set her own house on fire.

So like Jarett came home from school three different times with his house on fire. He got addicted to cocaine early on when he was like a teenager and just had a wild upbringing.

And he wanted me to add that the psychiatric report is questionable since the NHS screwed it up a little bit by putting the wrong ID on there and misspelled his last name.

In February 2023, he was grieving her loss pretty hard because it was the one-year anniversary of her death. And he turned to his computer to cope.

Perhaps that's a safe outlet if he's just playing video games or watching YouTube. But what he decided to do was attack the Solana network.

Solana is a type of cryptocurrency. It's the fifth biggest coin in terms of market cap.
It's kind of a big deal. And Jarett knew some of its weaknesses.
So he started messing with it.

I was out of my mind. I was grieving and I was trying to do as much damage as I could.
So I was queuing as many recursive transactions as I possibly could.

The validator is running clockwork because they can optionally do this geyser plugin and get additional money by running these threads. Clockwork is a scheduling software.

The thing is, I figured out that you could do recursive transactions.

So you actually have a transaction that calls another transaction in the same slot, which obviously, if you have enough money to pay Piper, that's terrible for blockchains or any competing network. Uh, all went down again. And a couple days later, I was like asleep or in a coma, and the entire slum in the hog went down on clockworking, like

He was able to generate block sizes so large that it overwhelmed the network and transactions were getting clogged.

Of all of the transactions by byte size, I was four percent. I was, I was the user or bot submitting four percent of everything on Solana.

And in that particular block?

Yes, or for a few.

How, how did that, you must have had a really beefy system.

No, it was just using, it was just using their, uh, their, their threads. So I was, I was queuing transactions that would, that would then call themselves on chain whenever there was certain conditions met. However, I then found out that I could just have them call themselves immediately, which is, which is the recursion that I think, uh, broken it.

Solana reported a 20-hour outage on February 25th, 2023. They experienced unusual block sizes, which when rebroadcasted through the network, ended up degrading the service.

So they put Solana in maintenance mode to fix the problem. Essentially, no Solana transactions could occur pretty much that whole day.

And I can't exactly confirm it was Jarett who took down Solana during that time. My guess is he contributed to whatever problems that were going on.

But the thing is, is that he was never blamed for this. Solana never came out and said they know who did it or anything like that.

I have to admit, I didn't think it was possible to cripple a cryptocurrency's network so badly that it can be taken offline like this. $2 billion are traded every day on Solana.

And for all that to come to a halt because some guy is having a bad day, that's just wild to me. How did you get started with PumpFun?

Totally, the CEO of Solana, I lost the coin on April Fool's Day, April 1st of

this year. And

it was called Bunker Coin. I bought it and I appeared back.
And all I did was copy the first half of a paragraph in the Bitcoin white paper and threw it in there. And then I threw up a PumpFun coin.

It's the very first time in my life I've ever used PumpFun at that point. And I called it Bunker Coin Futures.
And it's April Fool's Day, but it filled immediately.

I didn't expect anything to happen. And I once go back on bed.
I went back to the theater and my two salon had become 10 salon, which is significant.

So I guess I was hooked on the casino at that point.

Pump Fun

To research this episode, I actually created an account on there and used the site for a few days. And he's absolutely right.
It feels like a casino, and it's pretty addictive because of that.

And the meme coins I bought on there yesterday absolutely are the dumbest things I ever bought in my life.

I kept finding myself lost in a daze staring at the screen, watching my bags, then suddenly waking up, realizing I'm betting on memes. And I say to myself, what in the world are you doing?

So what PumpFun is, it's a place that anyone could go to and make a meme coin on the Solana network. It's very easy and fast.
And then others can buy your meme coin from you if they want on the site.

The site looks a lot like 4chan. And as you're there, you're just bombarded with endless messages of new coins being created and what coins people are buying and selling.
And it's wildly popular.

So before your eyes, you're watching a coin get created by someone and then hundreds of people are buying that coin all in the first five minutes of it existing.

And I only went there to research this place. I only spent like a few bucks on meme coins.
Like for $2, you can buy 30,000 meme coins. As I used the site myself, I got familiar with the game.

It's called Pump Fun because the game is to pump and dump. A meme coin's relevancy only lasts a few minutes sometimes.
Then it crashes into oblivion.

So the game is to jump in on a coin, hoping more people are going to buy it after you do. And if they do, your holdings go up.
And then you need to get out before that goes back down.

And so the people holding that coin will use every strategy they can to get others to buy it after them.

And as I played this game, I too became someone trying to convince others to get in on this coin. It's hot.
Pump it. And then as soon as they jump in, I jump out, dump it.

It's ruthless in that way because you see the other people who are buying the coin and you want to think they're on your team. They're going to help you pump it.

But no, they're just looking for a way to get out before you do. Everyone's trying to take each other's money and that's the game.
That's the gamble.

And I think that's what draws a lot of people to come play at the site. One of my favorite towns to visit is Las Vegas.
And everyone knows when you gamble, the house always wins. It's a rigged game.

Yet they still gamble. They put their luck on the line and bet real money even after knowing the games they're playing are not fair.

But I love Las Vegas because there's nowhere else in the world which is as wild and crazy as it. It's incredibly entertaining and fascinating to experience.

And I learned a lot from that town, such as how to stay focused in a chaotic environment, how to see through the glitz and glam and notice what something really is.

and maybe even a glimpse of what humanity is really like.

I met some people who use PumpFun regularly, and even they think what they're doing is laughable.

Like he was telling me he made bank off of fart coin or a squirrel called peanut the other day or something ridiculous.

Because when you're buying meme coins, you're buying something that is just so bizarre that you end up questioning your own sanity.

But it's fun because it's interesting and weird, and we all like interesting things.

You go there, you make a token, you share it with your friends and your family, and then they come in and buy it out of you. It's on a bonding curve.

So the first person that buys it for the very cheapest. And as people, as more people buy, if it was only buyers, for instance, the price just continues to go up for tokens.
So

the idea is that you eventually sell shit tokens for a gain after you have shared it with close friends and family for them to buy after you, whether that's your toward porter friends or not, or however you want to describe it, legally to friends and family.

And then you make a gain on their loss, essentially. And

that's basically it.

It's made to look like 4chan, I guess, with the comments and such. And there's a cute little interface with flashing lights on the landing page.
You say cute little interface. I'm looking at it now.

It is ugly.

Yes, it is. It is horrifying.
The site is right out of bizarro internet land. The layout is weird.
The images and coin names are a cringe. It's all moving way too fast for anyone to be able to read.

Things are like jumping off the screen, constantly trying to get your attention.

And so Jarett was playing around on the site quite a bit, launching coins, running trading bots, and being pretty active on PumpFun, tweeting about it too.

And a recruiter on LinkedIn got all me and said, you should apply for a couple of jobs. And I said, sure, why not? Begrudgingly, actually.

And I had like two or three interviews with Pump, different founders, and

I got an offer. So they paid for my passport, paid for my flight, paid for a couple of other things.
I got a thing gay renewal of my passport and a ticket. That was actually the same night.

And then I flew over to the UK. I've only left Canada once in my life before this.
So Jarett got hired by PumpFun and moved to the UK.

And he knew this was a crazy idea to move to a new country for some wacky crypto project, but was excited about it too. I was just excited to work in a real office again.

I've been remote first since like 2013 when I worked for Research In Motion. It was my last in-person job.
Uh, like the guys that later call themselves BlackBerry, they're now out of business.

It's a long career of isolation and addiction and stuff. And like, I just, I really wanted to be part of an organization that was young and fit and like looking forward to achieving stuff.

Like, they were already one of the number one earning apps anywhere in crypto. It's a very long story.

Like, I don't really know, but the main, the main thing is I wasn't on a medication, probably not thinking straight, that's one thing.

And then, uh, what was uh, what was the medication you're on?

I'm on antipsychotics once a month, uh, via, via depot, and I'm also on, um, uh, all the answer vivans or whatever, which you're in America, so vivance. Yeah, I fixed morning hairs up there. What is that treat? Radiation.

Okay, so you go to, you go to London, you meet with the, uh, the creators of this. What are your, what is your opinions of them?

Oxford. Yeah, yeah, I flew to Oxford. They're all, they're all younger. They're all, uh, and in student housing in Oxford. There was this black tie event they threw. It was their second masquerade or third or whatever.

What was your first opinion of them?

I don't really know.

I didn't insist to be the CTO as the CTO. I actually

mistook him as an employee.

They're all in young 20s and very unexperienced, I guess is the word. How many people were there?

There's three co-founders and I was the first hire outside the founding team. He moved into a shared living space with the other co-founders.

But after a short while, they all moved to London and got an Airbnb there for everyone to stay at. And they also rented an office.
We got a rental last minute

across from the Buckingham Palace via Buckingham.com, which was the Buckingham Gate residences.

This was actually a pretty posh place they rented for the team to do work out of. And if you're wondering, how does Pump Fun make money?

Well, they charge a 1% fee for every trade that happens on the site. So I'll send you this link in a sec.
Let me just load it up for a second thumb. Yesterday they made

that's actually gone down a whole bunch. They made $520,000 yesterday.
Okay, let me look at it. Yeah,

$340 million in fees they've collected.

Yes.

That's not including TBL.

That's just fees.

The site is apparently crazy popular. Tens of thousands of meme coins are made every day there.
And they were experiencing explosive growth. No wonder they wanted to hire developers.

The site was probably barely able to stay on the tracks.

And it's strange to me that this is the wacky world we live in, where joke tokens have such a wild demand, where the site creators can make hundreds of millions of dollars from this.

And see, here's the thing for me. I want to understand the world.
I want it to make sense.

And whenever I learn about something that doesn't make sense at all, I used to dismiss it and say, oh, those people are obviously stupid or that's fake or that's wrong or something.

But now when I hear something really absurd, I lean into it and I stay there until it makes sense to me. Like, I still don't understand why the game Banana is the third most popular game on Steam.

Can somebody please explain that to me?

Most of the time, when I figure out a mystery like that, it's a big waste of time for me because I'll just learn that I was lied to on the onset and I saw something fake or something, which made me believe something else.

But in this case, we can see exactly how much money this site is making because the blockchain is public for anyone to see. And yet, they've made hundreds of millions of dollars on this site.

How are meme coins so popular that millions of dollars are being spent on them every day?

The more Jarett learned about Pump Fun, the more concerned he grew with the whole company.

Like to start with, one of the first things that happened when he arrived is they held a black tie party, which was wild.

Outrageous. There was a horse, like a miniature horse. There was fire dancers. There was, uh, 200 oysters that were bought. He was, we spent like 20,000 in the bar.

And he started thinking this place is more crazy than he realized.

In short, I think they're committing any number of, uh,

thousands, tens of thousands of times a day, actually, because there's like 20,000 of these tokens launched every day. The first thing that I didn't really give much thought to is there's no KYC or AML across the entire board.

Okay, so KYC is know your customer and AML is anti-money laundering. Personally, I don't want anyone in the world to know I bought a meme coin from this place.

So I definitely don't want to be putting my actual name as the owner of that. And think about if I went into a casino in Vegas to gamble, there's nobody collecting my name before I can gamble there.

But regulations are starting to come up everywhere in crypto land, and it's very difficult to know what to follow and how. So I'm just not sure if the site is required to do any KYC or not.

Then Jarett also thinks that there's a whole financial advice problem on the site. See, the government has made it illegal for me to give you financial advice.

If I wanted to give you financial advice, I'd have to be registered with the SEC.

And Jarett tells me that there are loads of people on PumpFun who are, in fact, giving financial advice, saying things like, buy this crypto coin and you'll get rich. Is that illegal?

Jarett thinks so. So he tells me the site's official stance is that we're all friends and family on the site because you can give financial advice to your friends and that's not illegal.

I looked on the site for a privacy policy or terms of service and they don't exist. So from what I can tell, the site does not post any rules of what's allowed or not allowed.

But there's one part of the site which is worth mentioning. To launch a coin, you need to create an account, name the token, and give it a logo or something.

But to pump it, you can go live, flip on your camera, and tell the world why they should be buying your token. And of course, because you're the creator, if the token goes up, you make money.

But can you think of any problems that might arise on a site where you can make money live streaming and everyone is anonymous and no age checks are required? So the live streaming feature.

So if you go and create a coin, and actually it'll show you on that landing page if anybody's live streaming, and you can kind of get the gist.

This was one of the things that caused me very much grief. I remember I said to my friend's boyfriend, how could I work on this feature?

Their live streaming platform allows for the sexualization of young girls for financial gain, operating without KYC or AML protections, thus exacerbating potential for exploitation and abuse.

So basically, anybody can live stream on a site. And what that really means, and how this came to be, in fact, having noticed it while I was there, is that

questionably of aged girls who are sexualizing themselves on camera, like as a live streaming platform for sex cameras, whatever we're going to call them,

porn games. The point is there's no KYC.
There's no even attempt to prove that everybody's of age.

So for instance, when one of the founders joined one of these streams that were happening on Telegram at the time because they were excited and wanted to integrate it live on the site, which was a major boost in traffic and themes and all that.

He joins and

somebody else is on the audio for this Telegram chat and says, this girl is 12 years old. And she says, nah, baby, I'm 21.
And that was the extent of

the KYC there. I did not ask Jarett to show me evidence of underage girls streaming on the site.
And Jarrett Sawyer told him they didn't want to see it either.

I did see sexual photos of adults, though, on the site. Let me read a tweet to you that the PumpFun Twitter account wrote on June 13th, 2024.

We at PumpFun are fully committed to a family-friendly user experience. Trading memes should be a fun experience for the whole family.

That is why we resolutely condemn the porn meta that has taken over our site, but we can only accomplish that with your help. Please send all the porn you find to our intern.

And it has the intern's email address. And see, that's what I mean about PumpFun.
You can't tell if what you're looking at is a joke or real.

But as I spent time on the site myself, I can tell you it's definitely not family-friendly. I saw way too many buttholes while I was there for sure.

And the site has a strong resemblance to 4chan, which is known for being the underbelly of the internet, where the scummiest of content is posted and shared. But heck, even 4chan has rules.

And I sat in on the very first Twitter spaces that PumpFun held. 10,000 people joined it, and the craziest question got asked.

This question actually contains a swear word. So if you don't want to hear swear words, skip ahead two minutes.
One last thing.

I seen you guys getting a lot of FUD about this, and I was very curious about it because I was trying to defend y'all.

Guidelines. What do you guys think about guidelines? Because I've seen a lot of people doing crazy stuff on Pump Fun, me included.

Would you guys add any guidelines or safety precautions on your website to fight that? I mean,

first of all, I think like our ethos is we're like super pro-free speech. We want as much as

much content as possible on our platform be to be to go across. However, if there's anything illegal or, um, sort of outright, sort of, yeah, illegal based on the platform, like, we have to take it down, right? Like, we can't have that running, like, both as a moral obligation and a sort of business obligation. Like, we, we don't want to be distributing anything, anything like that, or having anything on the platform. Um, so yeah, that's, that's, that's sort of the way we start.

Actually, no, surprisingly, our sort of,

we've sort of had like this moderation team and stuff like that. And surprisingly, there hasn't been anything sort of too shocking, but obviously we have to be prepared for the worst case scenario.

I'm sorry. I just have one last thing to say and then I'll get out of here.

For you saying the illegal stuff and

basically moderating what happens on Pump Fun, I had an idea. And since I guess I'm talking to Pump Fun right now, can you guys tell me if this is illegal or not? It's an idea for Pump Fun.

I was thinking about... Well, I was thinking about fucking a girl live on Pump Fun tonight because my birthday is tomorrow.
So I thought it'd be super exciting and crazy and different.

But is that illegal or not? I'm genuinely asking, it's something that I'm

very serious about. The girl is coming over.
Is that illegal? Is this something that I can put on pump fun? Fucking a girl live.

Um, okay, so very serious question. Very serious.
No, very serious question. I mean, okay, let's put it this way: like we are very free speech speech-oriented.

Um, obviously, sort of sexual content does exist

on the web. Um, so yeah, I hope you sort of take the answer as we sort of say it basically.
So yeah. I love you guys so much.
Thank you so much for having me up here. Sapuji and Alan, I love y'all.

Oh, somebody sent me an interesting link earlier. It was somebody smoking meth on one of these live streams for money.
It's actually a tweet here.

Do you have a smoking meth on what has happened to PumpFun? A news site called Decrypt pointed out that PumpFun has seen some pretty gnarly stuff.

A young teenager got his mom to bounce her boobs on camera to pump a coin. And when he got it to pump, he sold his whole stake in it.

And then there was another guy who went live after creating the Truth or Dare token, and someone dared him to cover himself in isopropyl alcohol and then shoot fireworks at himself.

And so he did it. The guy set himself on fire and burned pretty bad.
He was rushed to the Miami hospital where he suffered third-degree burns on a large portion of his body.

People do some pretty wild stuff on Pump Fun.

We're going to take a quick ad break here, but stay with us because Jarett's going to top all those stories and do something even more wild.

So he's starting to have qualms with the ethics of this project and is questioning if this is even something he should be working on.

Then, on top of that, he started to get upset with the team and decided to move out of the communal living space and get his own apartment. Aside from all these long, long-standing concerns,

I'm really bad with money. I was making good money, but the thing is, like, I just spent it all on just

because I am bad with money and I do party.

Not anymore. I'm 21 days sober today.
Like, I'm trying my best not to be that person. And so, thank you.
I'd rather, I'd much rather survive this whole ordeal and not drink myself to death.

But for a while there, I was going off the rails and thought. So I had the money and I got this apartment.
I got in this apartment. I didn't like it very much.

Literally, I know it's kind of like standard, especially for Central London to have.

mice and roaches and shit.

However, I was very unpleased. I wanted a different apartment like immediately.

I asked for them to square up to the day of that month that I had worked, which was like halfway through the month, so I can get some money to find a better apartment. They said, no.
I said,

can you like why? They said, this will look like preferential treatment at this point. We have three other people working now.

Among you, the CEO did mention, promise rather, that I was going to get weekly pays, which would have helped me out a lot. I would not have been in this situation.
However, it was monthly eventually.

And what happened is I said, well, can you pay all bonuses? And he says, no, like bonuses to everyone so it is preferential and stuff.

And so, with a head full of alcohol and the lack of ADHD meds, and the depression from the loss of his mother, and being in an apartment with mice and rats in a town he's totally unfamiliar with, and working for this mega-profitable crypto startup, which wasn't aligning with his ethics and morals, everything swirled together into focus for Jarett.

Did you know what you were about to do? Like, were you aware of your actions at all?

Psychiatric report confirms that I was aware of what I was doing, like totally unaware of the illegality of my actions.

I had no idea any of this fallout would happen. I had no idea that police would care. I, I didn't, I didn't think this throughout.

I really didn't. So, um, unfortunately, I am where I am. I gotta deal with the repercussions of my actions. I gotta learn there are consequences to my actions. So I'm just resigned to it.

So where does this begin? You, like, do you see, uh, the vulnerability and the code and then just decide to exploit it as soon as you find it?

Yeah, and funny enough, I did report it a couple of weeks before that.

There was just no action to patch it or fix it. Well, you're the developer.
I know, but I reported it. I tried to tell the CTO.

And Jarett said, like, you know, yourself, like, hey, you should fix this. Yeah, I'm busy.

Sure, true enough. No, I mean, true enough.

This hack is probably one of the more complex hacks I've ever talked about. I didn't understand it when Jarett explained it.
I didn't understand it when I read an article explaining it.

I didn't understand it when I asked my DGen friends to explain it. It took a long time of me reading article after article, trying to fully grasp what happened.

And I'll summarize it just for the geeks out there who like the technical aspects like me. When a token is made on PumpFun, it pretty much is just available on PumpFun.

But when enough people buy it, it then gets graduated to Raydium, which is a DEX, a decentralized exchange. And this makes it a little bit more official because it's on this decentralized exchange now.

And so for the token to graduate out of PumpFun into the DEX, PumpFun sends a bunch of Solana along with it in order to fund the liquidity pool on the DEX.

So what Jarett did is he took out a flash loan and bought all the tokens needed to graduate the meme coin over to the DEX, and then he immediately sold the meme coin to pay back the flash loan.

Then, using his insider access, he redirected where the Solana was supposed to go. Instead of it going to the DEX, it went to somewhere that he controlled.

This would allow him to take anywhere from 1 to 80 Solana coins every time he could get a coin to graduate out of Pump Fun and onto the Raydium DEX.

But Jarett, being Jarett, wrote a little program to try to do it to not just one or 10 or 20, but thousands, tens of thousands of Pump Fun meme coins.

Because every time he could get one of them moved over to the DEX, he'd make a few thousand dollars.

So he wrote this program and executed it, taking out thousands of flash loans, pumping projects and redirecting the Solana that was supposed to go to the DEX to somewhere else he controlled.

Then he immediately sold the meme coins to pay the loan back. On May 16th, 2024, he decided he was going to execute this program.

It was all built and ready, and once triggered, it would just automatically try to hit as many meme coins as possible on PumpFun. I was not thinking straight at all.

I was just that out of it that I didn't understand what was going on. I didn't even know what I was writing while I was writing it.
It's very interesting.

Any idea

why you were so out of it? Like, what do you mean by out of it?

Probably without

any psychotic medication for about six months, wouldn't do it. I'm a diagnosed schizoaffective person with panic disorder.

bipolar and antisocial personality disorder. And depending on how you talk to ADHD, the new news psych report, the new psych report believes me to have one diagnosis.

He doesn't think there's any psychotic symptoms, nor are there so long, so long as I'm sober.

However, he thinks just ADHD and maybe naked to a personality disorder, but he didn't want to actually declare it, just needs more assessment. So gosh, I just do that.

No wonder you called Stack Overflow. It's a memory leak, isn't it? That's the vibe.
It's my Instagram and my no-log Instagram is 256 bits of confusion.

Yes, it's

that was a lot. You just told me like a whole bunch of diagnostics, right, right,

just rattled one after another.

Yeah, yeah, yeah.

Well, the first one was more than 15 years ago, wasn't it? I got diagnosed.

The last three years of my life, I've spent more than two years in hospital or permanent, more long-term hospital

grounds, I guess, or like residences or programs. I read through Jarett's psychiatric report.
It was conducted on him to see if he knew what he was doing at the time of this hack.

The report is kind of dark. The dude was addicted to cocaine his whole life, but he had been off it for the last three years.

He's been hospitalized for mental issues six times in the last three years. One was just to go through the excruciating detox from cocaine.

And in the report, he admitted to attempting suicide a few times by taking too many meds. He often has these extreme cases of paranoia where even the smallest things can trigger it.

Like he gets hallucinations sometimes. Little everyday manageable events become not so manageable or like, or like even self-care, all that stuff.

It just becomes, it's a slippery slope into insanity, really.

The psychological report says that the day he did the hack, he was aware enough to know what he was doing, but not aware of the legality of what he was doing.

It's kind of like the spotlight of consciousness was only focused on the here and now, and no light was shed on the possible future or the consequences.

You see this vulnerability, you have this episode, a psychotic episode, and you're just like,

Oh my gosh, let's see, like, let's see if this can work. I don't really care. Like, I mean, do you have, do you have kind of a, I'm, I'm thinking about that moment right before pushing enter.

Well, yeah, that's the thing, the moment right before pushing enter. And I'm glad you phrased it like that, because it was quite the, uh,

leading up to it, I, I got paranoid again. I couldn't be in the same building as them. I thought they would lash out and stuff, and, like, I had to, like, surreptitiously move to a cafe close by and stuff.

And like, I had to sneak around and like, and like look around the corner so they couldn't see me and stuff. But then, at the very moment, I was hovering over the entry key, right?

I stepped back and I said, Well, let's just, let's just think about it for a second. Let's draft a tweet here.
And so,

it was actually a Facebook post originally. It was, yeah, I'm going to show you.
You got 2.1 million views.

This is the tweet.

It basically summarizes my thoughts at that very moment.

No, magic. Everybody be cool.
This is a robbery. What it do, stack and stack? I'm about to change the course of history and then rot in jail.
Am I insane? Nah. Am I well? Very much not.

Do I want anything? My mom raised from the dead. And barring that, life without parole.

Okay, so you string a series of tweets. And you got 2.2 million views, this thing.

Yeah. So you knew this was going to steal money.
Who'd you think it was going to steal money from?

The users. That's the thing.
I limited the damages enough that they could pay back the users. That's not a big deal giving up the fire guy.

Now, um, did you have any estimate on how much money you would be stealing?

Uh, 40 million.

40 million? No, it says in, it says in, it says in the tweet about 80 million, but I was just being silly.

If done right, this heist is going to steal 40 million dollars worth of Solana from the users of Pump Fun. In his tweet, he even goes so far as to say it might cause a Solana outage, suggesting that this hack could be so catastrophic to Solana that it causes a chain split similar to what happened to Ethereum Classic.

I don't know why I said the Solana fork thing.

People, people laugh about it constantly these days. They quote this thing still and say, I'm not even thinking you're gonna cause the fork of Solana fork.

It's just very interesting that people think I'm bad. I mean, I was.
I was always, I was always not well on our output.

Okay, so you write the tweet and then hit enter. Yeah.

I'm gonna start getting phone calls on Telegram over and over again. So I uninstalled Telegram.

How was that? I went to

walked around in circles and I was running out of battery. One of the employees comes running by me.

And like, I even just put up my hands at a beach sign, but he like ran right by me and looked both ways down the road and ran off in a different direction.

I said, well, that's my hints that I should get some cover. God protect me in that instance.
So let's go get some cover.

His program was working flawlessly.

He was taking out flash loans, pumping projects until it would flip over to the DEX and then sell those coins, pay back the flash loan, and then redirect the Solana that was supposed to go to the DEX.

But here's the thing. His program had one other trick up its sleeve.
His mission wasn't to make money, he wanted to be dramatic and theatrical, remember?

So his hack was programmed to send the coins he was getting to random Solana projects that he liked. In fact, he never had possession of the stolen Solana at any time.

They were automatically redirected to random people in the world, and he had thousands of wallets that he was sending this money to.

There's about 95 total thousand addresses, 95,000 total total addresses that could have potentially received funds. Out of those, only about 2,000 did, again, because I'm not good at math.

And it was forced to actually hit everybody more than once.

Regardless, yeah, just random jokes. I actually asked somebody at some point, I says, who do you believe to be more deserving subset of users on Solana?

And this is how I came online. Hundreds of Pump Fun coins were getting hit by this.
And as the script continued running, thousands were getting hit.

The owners of Pump Fun quickly became aware that their site was under attack and were looking for Jarett.

But at that point, someone gave Jarett some money and he checked into a hotel room not even a block away from the offices to try to lay low for a while.

And I'm just trying to catch your emotional reaction when you're seeing it actually working. Like, shit, it worked.

I didn't anticipate. Yeah, I mean, there's that.
The first, okay, the first one when it went through, I was like, oh, shit, it didn't work.

Yeah, then it was obviously multiplier, like doing these on a

asynchronous loop and stuff.

So there's many thousands or a couple of minutes, whatever, but like, at least attempts, right? Because there's, again, many hundreds of thousands in total that fails. However, um,

I guess

I was more worried about getting the thing to have more successful transactions than language emotional response. Again, again, somebody who's diagnosed presently with ASPD and potentially next personality disorder, I don't really understand emotion the way that most people do. It's more technical and it's more, more, uh, like, I don't process emotions in languages, is what I should say.

Yeah, how does that work?

It's like I'm on the moon and I have a telescope, and I can kind of witness what other people go through by viewing them through the telescope, and I can emulate as best as I can, and it comes off pretty well, but I really have no idea what I'm doing.

It's just through emulation at a very long distance. Pump Fun creators couldn't stop it.
They wanted to, but simply had no tools to combat this.

And they just sat there staring at the devastation unfolding. Thousands of Solana tokens were being taken and redistributed to random Solana projects.
Eventually, the PumpFun team came up with a plan.

They increased the transaction fees that were being charged on the site. This way, every time Jarett bought some Pump Fun tokens, he'd be charged a ridiculous amount.

And the increase in fees actually did put an end to this because the flash loans that Jarett was taking out simply couldn't cover the extra fees required to pump the token anymore.

And even if it did, it would likely make this plan be a lot less profitable. So somewhere between 30 to 60 minutes in, the elaborate and wild robbery of Pump Fun came to an end.

Jarett was able to pilfer 12,600 Solana coins at the time and send them all to random addresses, other projects that he thought were deserving of the money. He didn't keep a single token for himself.

In total, it was about 2 million US dollars worth of Solana.

So the victims here were the people who were using these meme coins on PumpFun. They had their liquidity stolen.

PumpFun had to take responsibility for this and spend their own money putting back the liquidity into these projects that got it stolen from.

So in the end, the biggest loser here is actually PumpFun. And they were mad.
They learned pretty early on that Jarett must have been behind this.

His sudden disappearance, strange behavior, and wild tweets were clues alone. But tracing this through, they also could see that it was an insider who was redirecting the funds.

So they called the police to help them hunt down and arrest Jarett.

Two days later, they found me. Three days later, actually, they found me again 90 meters from the office.
They sent somebody up to my sister's house in Canada

in that time. And there was a private, what was it called? Like

International Security Service was hired to find me, which is why they found me, I guess. But I was just eating a burger across the street.

And they saw me and reported me into an warning cop show that I was on.

Somewhere in the middle of it all, he discovered that his wallet was receiving huge amounts of meme coins, and he couldn't quite understand why.

By the time this was all over, he had about $600,000 in meme coins in his wallet.

But he just handed the private key of that wallet over to the Pump Fun team because he wasn't trying to make money off this himself and felt like he already made the statement he was trying to make.

Two or three in the morning, I was asleep. I was fast asleep.
The cops show up and they knock on the door. And I said, I should go in.
Not really the person I've ever been arrested. And they come in,

these gentlemen, and it was cordial and stuff. I eventually went to go pick up a glass bottle of full of water to pour myself a water.
I didn't know I was under arrest at this point.

And they said, can you put the bottle down? I just wanted some water. He says, I'll get you some water.
I was like, sure, if you like. Thank you.

Anyway, they're terrifying.

I've learned since that the reporter for the alleging party said that I would tend to violence very quickly, which is not true at all, categorically, also historical, all of that stuff.

And they were worried I would destroy the evidence

upon the police arrival.

A body can just won't prove otherwise. It was great for me.

Then I went to the station, stayed overnight. They saw me in the morning, talked to a psychiatrist, three psychiatrists actually.
They said that probably you shouldn't answer questions.

I've been really a bit concerned about myself. Listen,

I have not had medication in like six months. I don't think I can answer questions right now.
So that's what happened. Then I was in a hospital for a month.
Came out. I was late on my rent.

I paid my rent. Bill says that be here.

Been here since.

Got drunk for like two months straight, if you will. And then decided one Monday to stop drinking, started doing recovery groups, and have been sober since.

The court looked at his case and decided that he'll receive a maximum of 14 years in prison for this and a minimum of seven.

How do you feel about that?

No, I have no idea.

I'm not really fazed. I've been through worse and

it's just unfortunate. I'm glad mom's not allowed to see this.
I really have

my reservations about my nieces knowing that I'm in jail. That will suck for them.
But the point is,

yeah, I'm not, I see no issue with it. It's a good jail.
I mean, no jail is a good jail, but it's the UK. I mean, it's not

like... dirt floor.

You can get a degree and there's like libraries. I'll be fine.
You can buy beeps at canteen. You'll be fine.
You'll be fine.

I'll be fine. I'll be fucking thing is like, I begged for it in the tweet.
Like, you just saw the tweet, like, I begged for it.

Like, at that point, anything was better than living with the roaches and mice here in the spring up center. Um, at that point, I really just didn't want to live where I was living.

I didn't want to deal with the things anymore. And I thought to myself, jail's preferable to this.
And so I did the stupid thing. And now I, now I got to face the music.

So you really are a character out of like Sartre or Camus or Kafka or something.

The mice and rats made me drove me crazy to the point where I committed a crime to go to jail for seven years. But at the same time, I wanted to spread the wealth to everyone else who deserved it.

This is ridiculous.

This is what it is.

This is all facts. I mean, you're welcome to do your research and cross-reference, but this is the series of events that exactly what I

don't even know what to think of all this.

How do you want this story to end? Like, you're going to go to jail and you're going to be watching the news. And what news are you hoping to see?

I know invariably that they're going to run off with the mining at Simple, all of the user funds, which is much more than 300 words. Hold on.

It's kind of ironic that you said that because when you go to the site pump.fun, a pop-up shows up and it says. Pump prevents rugs by making sure all created tokens are safe.

They say they're the ones preventing rugs, but you're saying, no, they are going to rug pull.

I believe so. I, I, I have firm, firm beliefs, yes.

It's that last part that really makes me worried, where it says all created tokens are safe. What are you talking about? Should I be concerned they aren't safe? Like, if I go to my bank's website, it doesn't say, we promise your money's safe here.

Yeah, it's pretty, it's a, it's a, it's a class act anyway. But, um, I, I firmly believe that, uh, that's, that's the end goal for them, uh, whether or not they go to a centralized version themselves. They pitch themselves as the next FTX the first time. It's, it's really long story, but I guess in the nutshell, I really,

I really wish that I could have some effect where I limit the damages this time around, but I guess I won't be able to.

Well, it is kind of ironic that Jarett thought the site was going to rug everyone else, but he rugged them first. Like, really, he's the one who took money from the users, you know?

It was only the site that had to reimburse everyone. So interesting, I guess that's the key, the key there.
So when I came over, so over, I didn't anticipate that

they were planning this heist to be exactly what it is. And now I am firmly convinced that it will be what everybody doesn't expect, apparently.

And so,

yeah, they believe that money to be theirs. I have no idea how much they have in TPL.
It was 80 million on May 16th or whatever.

It's exponentially more now, probably. And so

it will be mayhem encourage. I don't hope for that.
I just know that'll happen.

Yeah.

So Jarett thinks the owners of the site are going to rug pull all the users of Pump Fun, take all the money that's locked into the site and close up.

But it seems like the site's making a lot of money, so I'm not sure. Like, why butcher a cash cow, you know?

But this was Jarett's whole point, to try to warn everyone before it happens and to be dramatic and theatrical about it.

I seem sold at the time that I was in the right. And like, I still, I still, I still swear that I'm fine by my demons here.
Like, I,

like, even in that letter that I, I'll just read this out loud. I need to be honest, I do not feel remorseful for the damages caused by Baton Corporation Limited.

Of late, they've been earning north of one million quid a day from the systemic exploitation of the friends and family of people posting unregulated tokens to the site each and every day.

There's absolutely no damage to them. They have not recouped many times over.
I petition you, Your Honor, to continue the relative harm here.

While my actions may have caused temporary disruption, the ongoing practices of Baton Corporation Limited pose a far greater and more sustained threat to individuals and families who are unknowingly drawn into these exploitative schemes.

So Jarett pled guilty and even admitted guilt on Twitter, which got 2 million views. And it was all set that on October 25th, 2024, he was going to be sentenced.

However, last minute, he changed his mind and he asked his lawyers to vacate his guilty plea. And they were like, seriously? And they quit.
They didn't want to represent him anymore.

So he told the court, he's changing his mind. He's not guilty, which now means there's a much bigger process ahead for this case.
And it might take months to solve.

So we'll see where Jarett ends up in the next few months. Oh, and this episode was really hard to make because PumpFun is always changing.

Just before I was about to publish this, there was a surge in new users at PumpFun. And along with that came a surge of new live streamers.
And things got pretty wild.

Some guy was holding a goldfish at gunpoint, saying, buy my coin or I'll kill the fish. Another guy was live streaming himself pooping for four days.

He was sitting on the toilet for four straight days trying to pump his coin. Another guy locked himself in a dog cage until his coin would hit a certain price.

And someone else locked their grandma in a cage until the coin would hit a certain price. I saw the photo, but I'm pretty sure it was fake.

Another guy was firing his gun out the window every time the coin went up a certain amount. And I also heard reports of some live streaming bestiality.

And there were reports of people threatening to shoot their pet dog unless their coin pumps.

And I heard a report that there was someone live streaming threatening to shoot their family unless their coin got to a certain height.

And someone live streamed themselves tying a rope around their neck, saying, unless their coin hits a certain amount, they're going to hang themselves. And the coin didn't make it.
So he hung himself.

But then as the stream continued, some viewers were like, nah, I can see your hand moving. That's fake, bro.

Anyway, all this sparked an outcry on Twitter, especially from the crypto community saying, whoa, PumpFun, you've got people killing themselves on camera. You need to make some rules, guys.

You're going to ruin everything. On top of that, the Pump Fun team themselves was actively taking down live streams that had repulsive or dangerous content.
And it got to be too much.

The PumpFun team simply couldn't keep up with the constant stream of awful content that they were trying to remove.

So they turned off the live streaming feature altogether and issued a statement saying they simply can't moderate effectively with the current user base size.

And they need to scale up their moderation abilities and make it clear what's allowed and what's not allowed before allowing live streaming back on.

All I can say is I think this is just PumpFun's origin story. I don't know what's going to happen next, but it almost feels like one of those internet moments that I'm tuned into now.

And I'm going to have a box of of popcorn ready for whatever happens next. Aside from that, it was a pleasure, Jack.
And if you do get around to publishing this, I just want to say that

I recommend everybody get some more spun and more time to torture grass. That's about it.
Thank you.

Seriously. All right.
We'll take advice from you.

Thank you.

I can't do trust a bunch.

This episode was created by me, the Cyber Klutz, Jack Rhysider. Our editor is Control-Alt-Defeat, aka Tristan Ledger.

Mixing by Proximity Sound, our intro music is by the mysterious Breakmaster Cylinder. Why was the computer tired when it got home? Because it had a hard drive.
This is Darknet Diaries.