Cryptocurrency platform SafeMoon lost $8.9 million after a hacker exploited a newly created ‘burn’ smart contract function that artificially inflated the price of SafeMoon tokens.
Liquidity pools in DeFi platforms are large deposits of funds that facilitate trading, provide market liquidity, and generally allow exchanges to function without borrowing from a third party.
The attack affected the SFM:BNB liquidity pool but not the platform’s exchange, and SafeMoon has confirmed the security incident and stated that it is currently working on resolving the issue.
According to blockchain security experts PeckShield, the vulnerability exploited by the hacker was introduced by a recent update that mistakenly set the SafeMoon smart contract function that burns tokens to public without restrictions, allowing anyone to execute it as they wished. SafeMoon’s CEO, John Karony, had previously stated that this system would only be used for emergencies, such as when the liquidity pool faced risks from malicious smart contracts, excessive slippage, and other transient losses.
The hacker used the function to burn large amounts of SafeMoon tokens, causing the token’s price to shoot up, and then sold SafeMoon at the manipulated price, draining $8.9 million from the SafeMoon:WBNB liquidity pool.
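To show why the missing restriction matters, the following toy model is an added example, not SafeMoon's contract code. It assumes a constant-product (x*y=k) pool with fees ignored and a burn aimed at the pool's own token balance; all names and numbers are constructed.

```python
# Toy model (constructed): a token ledger plus a constant-product pool.
class Unauthorized(Exception):
    pass

class Token:
    def __init__(self, owner, restrict_burn):
        self.owner = owner
        self.restrict_burn = restrict_burn  # False models the flawed update
        self.balances = {}

    def burn(self, caller, holder, amount):
        # Hardened form: only the owner may burn from another holder's balance.
        if self.restrict_burn and caller != self.owner:
            raise Unauthorized(f"{caller} may not burn from {holder}")
        if amount > self.balances.get(holder, 0):
            raise ValueError("burn exceeds balance")
        self.balances[holder] -= amount

class Pool:
    """Prices the token against BNB from live balances (assumed x*y=k)."""
    def __init__(self, token, bnb_reserve):
        self.token, self.bnb = token, bnb_reserve

    def price(self):
        # BNB per token = BNB reserve / token reserve
        return self.bnb / self.token.balances["pool"]

    def quote_sell(self, tokens_in):
        # BNB paid out for tokens_in under x*y=k, fees ignored
        t = self.token.balances["pool"]
        return self.bnb * tokens_in / (t + tokens_in)

def simulate(restrict_burn):
    """Run the same unauthorized burn call against either token variant."""
    token = Token(owner="admin", restrict_burn=restrict_burn)
    token.balances = {"pool": 1_000_000, "outsider": 1_000}
    pool = Pool(token, bnb_reserve=1_000.0)
    quote_before = pool.quote_sell(1_000)
    try:
        token.burn(caller="outsider", holder="pool", amount=999_000)
        rejected = False
    except Unauthorized:
        rejected = True
    return {"rejected": rejected, "price": pool.price(),
            "quote_before": quote_before, "quote_after": pool.quote_sell(1_000)}
```

With the check disabled, the quoted payout for the same 1,000 tokens rises from about 1 BNB to half the pool's BNB reserve; with the check enabled, the burn is rejected and the quote is unchanged.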
After the attack, the actor who converted the SafeMoon to BNB claimed they were not the initial hacker but “accidentally performed a front run” after the price was artificially inflated due to the exploit of the burn() function.
While it is not clear if the owner of this wallet is the same person who exploited the bug, they are offering to return the stolen funds to SafeMoon.
The person has already transferred 4,000 Binance Coins (BNB), worth $1,264,440.00, to another address, making the front run look less accidental.
SafeMoon has assured its users that their tokens remain safe and that neither the other LP pools on the DEX nor any of its upcoming upgrades and releases have been affected. The company is engaging a chain forensics consultant to determine the precise nature and extent of the exploit.