Safemoon Hack: Hackers Exploit ‘Burn’ Bug Resulting in $8.9 Million Loss from Liquidity Pool
The SafeMoon cryptocurrency token suffered a security breach resulting in the loss of $8.9 million from its liquidity pool, as hackers took advantage of a recently added „burn“ smart contract function to inflate the token’s price and sell it for a high profit. SafeMoon has acknowledged the incident and assured its community that measures are being taken to address the issue.
DeFi platforms rely on liquidity pools, which are sizable cryptocurrency funds that enable smooth trading, provide market liquidity, and allow exchanges to operate independently without seeking funds from external sources.
According to John Karony, the CEO of SafeMoon, the attack on the platform took place on March 28, and impacted the SFM:BNB liquidity pool alone, while the exchange remained unaffected.
Karony’s statement reassures that the suspected exploit has been identified, and the vulnerability has been fixed. Additionally, the platform has engaged the services of a chain forensics consultant to assess the nature and extent of the exploit.
PeckShield, a team of blockchain security experts, has disclosed further information about the vulnerability that was exploited by the hacker responsible for the $9M heist against SafeMoon.
By utilizing the burn function, the hacker was able to burn significant amounts of SafeMoon tokens, which resulted in a significant increase in the token’s value.
Once the value of SafeMoon surged, another address took advantage of the manipulated price and sold SafeMoon, causing a drain of $8.9 million from the SafeMoon:WBNB liquidity pool.
The individual who had converted the SafeMoon to BNB a few hours after the attack claimed that they were not the original hacker, but had accidentally executed a front run, taking advantage of the artificially inflated price due to the exploitation of the burn() function.
It remains unclear whether the wallet owner is the same person who exploited the vulnerability. However, they have come forward and expressed their willingness to return the stolen funds to SafeMoon.
Although, the person has subsequently transferred 4,000 Binance Coins (BNB) valued at $1,264,440,00 to another address, raising questions about the legitimacy of the front run being accidental.