The alleged mastermind behind the Solana memecoin Pump.fun protocol exploit has been arrested in London.

according to Block worksCiting sources familiar with the operation, British authorities arrested Garrett Dunn, a former contractor known online as @STACCoverflow, in the early hours of May 18.

The arrest is said to have come after a meticulous 26-hour intelligence operation initiated by a third party who hired a private intelligence company. The operation made use of social media posts and other publicly available information to trace Dan's whereabouts in London.

Local agents, or 'helpers', were reportedly deployed in a large-scale search that eventually led them to the Middle Eight Hotel in Covent Garden. Dan was found in a hotel room and taken into custody seven hours later.

Interestingly, the timing of his arrest coincided with his last social media post on

After his arrest, Dan was released on bail, according to his own post on X and confirmation from the intelligence firm.

He is expected to remain in the UK until his court appearance, scheduled for August.

The Pump.fun platform, which simplifies launching tokens on the Solana (SOL) network, was exploited on May 16, resulting in the loss of more than 12,300 SOL worth an estimated $2 million at the time.

The attacker used flash loans from Raydium, Solana's lending protocol, to perform this exploit. Flash loans are decentralized finance (defi) tools that allow users to borrow large amounts of capital.

In this case, the attacker manipulated Pump.fun peg curves, a mechanism that determines token prices based on supply.

By reaching 100% on these curves, the hacker was able to access and withdraw Raydium's allocated liquidity, and then repaid the flash loan, making significant profits.

Following the incident, Pump.fun began working with law enforcement to investigate the breach.

Igor Igamberdiyev, head of research at cryptocurrency market maker Wintermute, was among the first to suggest that an internal private key leak may have facilitated the hack. Dan, under the pseudonym @STACCoverflow, subsequently admitted his role in the exploit, posting a series of rambling tweets in which he expressed his desire to “change the course of history” and openly discussed his mental health struggles and grief over his mother's death.

He also confirmed that the stolen funds will be distributed to various Solana token holders.

Dunn's posts indicated that at least seven individuals were eligible for these payments, though he did not provide details about the distribution process or deadlines.

His letters also indicated a motive driven more by emotional distress than financial gain.