SafeMoon [SFM]: Hackers say ‘relax’ as DEX loses millions in exploit

  • Decentralized exchange SafeMoon was exploited to the tune of $8.9 million earlier today.
  • The hackers took advantage of a public burn bug to drain one of the DEX’s liquidity pools.

Decentralized Finance exchange SafeMoon [SFM] has lost millions of dollars following a compromised liquidity pool. which allowed hackers to exploit the BNB Chain-based DEX. The exploit took place on 29 March and drained $8.9 million from the liquidity pool.

Hackers took advantage of a public burn bug

According to Dappd CEO @MoonMark_ on Twitter, hackers took advantage of the “public burn function” in SafeMoon’s newest contract. This function reportedly allows to burn tokens from any other address. DeFi Mark, who is also a Solidity developer, tweeted that the attacker used said bug to remove SFM tokens from the SafeMoon WBNB Liquidity Pool, which led to the artificial inflation of the token’s price. 

Data gathered by blockchain security firm PeckShield revealed that the hacker was able to sell the massively overpriced SFM tokens back into the liquidity pool within the same transaction, thereby draining the remaining wBNB in the pool. This method is fairly common among hackers and has been seen in several exploits. 

SafeMoon has assured its users that it was taking:

“Swift actions in an attempt to resolve the issue.”

CEO John Karony clarified that the decentralized exchange was safe and that the exploit was limited to the SFM WBNB liquidity pool. He added that the DEX’s team had met with key advisors and formulated a plan to protect token holders and the community. 

Interestingly, in the hours following the exploit, the hackers reportedly attached a note in one transaction, stating that they wanted to return the exploited funds. According to PeckShield, the hackers had already returned 4000 Binance Coin [BNB] worth over $1.2 million.

The note read:

“Hey relax, we are accidently frontrun an attack against you, we would like to return the fund, setup secure communication channel, lets talk.”

Data from CoinMarketCap shows that SFM tanked over 25% following the attack on SafeMoon’s liquidity pool. The token fell as low as $0.000177. The token had recovered to $0.000213 at press time.

Source: https://ambcrypto.com/safemoon-sfm-hackers-say-relax-as-dex-loses-millions-in-exploit/