Whistleblower Publishes Internal Pump.fun Chats Alleging Security Vulnerabilities

A former developer for Pump.fun has released a large archive of internal Telegram communications, stating that he acted out of concern for his personal safety. In a public statement dated March 3, 2026, the developer, Jarett Dunn, said he no longer felt secure holding the material privately and believed that making it public was the only way to protect himself. He described the release as voluntary and said he received no compensation, promises, or conditions from any party.

Dunn’s statement asserts that he was a member of the Pump.fun development team and a known contributor within the Solana ecosystem. He said the communications he released speak for themselves and reflect the internal development process, security discussions, and operational decisions that shaped the platform during its rapid growth.

He emphasized that he is invoking all rights and protections available under federal and state law and framed the disclosure as an act taken in the public interest.

Public statement issued by Jarett Dunn, Pump.fun whistleblower

Allegations Surrounding Development and Security Practices

The materials Dunn published include hundreds of messages exchanged between core developers, auditors, and contributors during the early months of Pump.fun's development. According to Dunn, the chats document the technical work behind the platform’s bonding curve mechanism, its automated market maker (AMM) design, and the integration steps that allowed the system to operate at scale. He said the conversations also reveal the pace and pressure of the project, including long stretches of debugging, rapid feature deployment, and internal disagreements about direction and implementation.

Pump.fun internal security assessment findings

Dunn’s release includes discussions with two independent auditors, bl0ckpain and Pashov, who identified multiple high‑severity vulnerabilities in the platform’s smart contracts. He alleges that these findings were significant enough to warrant full public visibility, particularly those involving insufficient account validation, liquidity handling errors, and authority management issues. The audit reports, which he attached alongside the chats, describe risks that could have allowed attackers to corrupt pool balances, redirect fees, or drain liquidity if left unaddressed. Dunn said he participated directly in the remediation work and believed the public should understand the scope of the issues that were discovered.

The chats also show Dunn’s personal interactions with team members, including discussions about travel, relocation, and the logistical challenges of staying close to the project. He said these exchanges illustrate the environment in which the platform was built and the strain that accompanied its rapid expansion. Dunn claims that the combination of technical pressure, internal conflict, and the sensitivity of the information he held contributed to his decision to step away from the team.

One of the many email threads in the whistleblower files showing internal discussions with Solana founder Anatoly Yakovenko

In his statement, Dunn said he feared becoming a target because he was the only person in possession of the full communication history. By releasing the material publicly, he said he hoped to eliminate that risk and ensure that no single individual could be pressured or threatened over the information. He described the disclosure as a protective measure and said the files, images, and transcripts should be evaluated on their own merits.

Dunn’s release includes a link to a public Google Drive folder containing the chat archives and supporting images. He said the documents represent his complete account of his time on the project and that the public now has the opportunity to review the material independently.

When downloading files from external sources, scan them for viruses and independently authenticate and verify them before opening.