DeFi project Safemoon has announced that its liquidity pool has been compromised, according to a statement on its official Twitter handle.
So far, the amount of funds stolen due to the exploit remains unknown.
Liquidity Pool Compromised
Safemoon stated that it is taking steps to resolve the matter. However, details around the issue remain sketchy at best.
“We are taking swift action in an attempt to resolve the issue as soon as possible. Follow here for updates. Thank you for your support as we work to address this situation.”
CEO John Karony retweeted the same statement but has not commented further. Safemoon is a Metaverse, blockchain, NFT, and Web 3.0 building and innovation ecosystem. However, the company has been at the center of several controversies since its launch in March 2021.
The Bug In Question
While Safemoon has remained mum about the incident, several others have commented on the developments. Security firm PeckShield has stated that an update to a contract introduced a burn bug that allowed anyone to destroy tokens. PeckShield stated that the upgrade looked to be initiated by a deployer contract, making it possible that there was an admin key leak. However, the firm could not state how much crypto, if any, has been compromised.
“Hi @safemoon, The upgrade, with the exploited public burn bug, was initiated by the official SafeMoon: Deployer. (Admin key leak?).”
Meanwhile, Web 3.0 developer DeFi Mark stated that SafeMoon was hacked for $8.9 million, adding that he was able to identify an obvious exploit. The public burn function allows users to burn tokens from any other address. The attacker exploited this function to remove SFM tokens from the SafeMoon WBNB Liquidity Pool, artificially inflating the price of the native token.
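The missing access check described above, as an added example that is not code from SafeMoon or from the original article: a simplified Python model of a token ledger and a liquidity pool, run once with an unrestricted burn and once with a holder-only check. The class, account names and amounts are constructed, and pricing the token directly from the pool's live balances (constant-product style) is an assumption of the example.

```python
# Simplified model (added example): a token ledger with a burn function and a
# pool whose spot price is derived from its current token balance.
# All names and numbers are constructed; this is not SafeMoon's contract code.

class Token:
    def __init__(self, balances, enforce_owner_check):
        self.balances = dict(balances)
        self.enforce_owner_check = enforce_owner_check

    def burn(self, caller, holder, amount):
        # Hardened form: only the holder may destroy the holder's own tokens.
        # The vulnerable form skips this check, so any caller can name any holder.
        if self.enforce_owner_check and caller != holder:
            raise PermissionError("caller may only burn its own balance")
        if amount > self.balances.get(holder, 0):
            raise ValueError("burn exceeds balance")
        self.balances[holder] -= amount


def spot_price(token, pool, wbnb_reserve):
    # Price of one token in WBNB, taken from the pool's current balances.
    return wbnb_reserve / token.balances[pool]


def run_scenario(enforce_owner_check):
    # Constructed pool: 1,000,000 tokens against 100 WBNB.
    token = Token({"pool": 1_000_000, "outsider": 0}, enforce_owner_check)
    wbnb = 100
    before = spot_price(token, "pool", wbnb)
    try:
        # A third party tries to burn tokens held by the pool.
        token.burn(caller="outsider", holder="pool", amount=900_000)
        blocked = False
    except PermissionError:
        blocked = True
    after = spot_price(token, "pool", wbnb)
    return before, after, blocked


if __name__ == "__main__":
    for label, flag in (("vulnerable", False), ("hardened", True)):
        before, after, blocked = run_scenario(flag)
        print(f"{label}: price {before:.6f} -> {after:.6f} WBNB, blocked={blocked}")
```

With the check in place the pool's balance and the quoted price are unchanged; without it, removing 90% of the pool's tokens multiplies the quoted price by ten.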
Attacker Reaches Out
Following the news of the exploit, the protocol’s native SFM token tanked, dropping as much as 30%. However, barely hours after the exploit, the attackers in question responded to a message in the transaction thread, seemingly suggesting that they were willing to return the funds to Safemoon, which indeed they did. Data from PeckShield showed that the attackers had sent 4000 BNB tokens worth $1.2 million.
“Hey, relax. We are accidentally frontrun an attack against you. We would like to return the fund, set up a secure communication channel, lets talk.”
Controversy’s Child
The attack and subsequent compromise could not have come at a worse time for Safemoon, which had recently been promoting its security offering, Orbital Shield. While the exploit is not related to this product, it does not really inspire confidence in the project’s security products. The protocol has been dogged by controversy since its inception in 2021. In 2022, the protocol came under heavy criticism from YouTuber Coffeezilla, who stated that the project’s former CEO, known only as Kyle, had committed fraud. He also alleged that the current CEO had stolen from his own project.
The protocol has also been the subject of a number of class action lawsuits, further damaging its reputation. The lawsuits have accused the project of being a pump-and-dump scheme and of violating several securities laws. The SFM token saw a considerable surge when one of the lawsuits was dropped. However, that gain proved to be very short-lived.
Source: https://cryptodaily.co.uk/2023/03/safemoon-liquidity-pool-compromised-thanks-to-token-burn-bug