On Thursday, December 18, 2025, Jarett Dunn stood before Wood Green Crown Court and received his sentence: six years in prison for draining $2 million worth of Solana from Pump.fun. What followed was a complex saga of mental health struggles, viral "Robin Hood" fame, and the platform's unprecedented growth to $927 million in revenue.
The Attack: 100 Minutes That Changed Everything
At 3:21 PM UTC on May 16, 2024, Jarett Dunn—then a senior developer at Pump.fun with just six weeks of employment—used his privileged access to execute what would become one of the most infamous insider attacks in DeFi history.
The Technical Execution
Dunn exploited his access to admin keys and withdraw authority to execute a sophisticated attack:
- He used flash loans from Raydium to borrow large amounts of SOL.
- With borrowed SOL, he bought tokens across multiple Pump.fun launches until they reached 100% on their bonding curves.
- He withdrew the bonding curve liquidity, repaid the flash loans, and pocketed the difference.
- Total haul: 12,300 SOL (~$1.9-2 million at the time).
The Immediate Confession
Unlike typical hackers who attempt to cover their tracks, Dunn immediately joined a Twitter Spaces audio conversation where he explained his motivations in real-time. Within minutes of completing the attack, he took to Twitter with a series of cryptic and defiant posts.
Everybody be cool, this is a robbery... I'm about to change the course of history. [And] then rot in jail.
The Robin Hood Distribution
Rather than cashing out through mixers, Dunn immediately began distributing all $2 million to random Solana wallet addresses. He targeted holders of various Solana tokens and NFTs with no discernible pattern. In the Twitter Spaces, Dunn explained that he wanted to "kill" Pump.fun because the platform had "inadvertently hurt people for a long time," earning him a cult following among traders who branded him the "Robin Hood of crypto."
The Manhunt and Legal Saga
Dunn's arrest wasn't a simple police investigation—it involved a private intelligence firm contracted by a third-party stakeholder. Using open-source intelligence and timing analysis, operatives tracked him to London. On May 17, 2024, British police arrested him at a hotel near the Pump.fun offices.
Following a complex legal battle involving mental health assessments, a withdrawn plea, and a breach of bail conditions, Dunn was finally sentenced in December 2025. The judge weighed the severity of insider abuse and the financial harm against Dunn's mental health struggles, ultimately dismissing the "whistleblower" defense as a post-arrest rationalization.
The Platform That Survived
While Dunn's legal saga unfolded, the platform he attempted to destroy evolved from a London WeWork operation into one of the most successful applications in cryptocurrency history.
Growth Metrics: From $44M to $927M Revenue
The attack, rather than killing Pump.fun, appears to have supercharged its growth. The publicity surrounding Dunn's persona and the controversy over whether the platform enabled scams drew massive attention.
- At time of attack (May 2024): $43.9 million lifetime revenue.
- As of December 2025: $927.2 million lifetime revenue (2,012% growth).
- Market Dominance: The platform now accounts for 77% of all Solana token launches.
Insider Threats in Crypto
Dunn's case highlights a disturbing pattern of insider attacks in the cryptocurrency industry, joining recent incidents like the Pond.fun hack and Coinbase data breaches. Insider threats are uniquely dangerous in crypto due to the irreversibility of blockchain transactions and the absolute authority provided by private keys.
As Dunn begins his sentence and Pump.fun continues its growth, the crypto industry must reflect on what this case reveals about its vulnerabilities. The six-year sentence isn't just punishment for one developer's crime—it's a warning to an entire industry about the consequences of privileged access, untreated mental illness, and inadequate security controls.