SafeMoon Liquidity Pool Loses $8.9 Million Due to 'Burn' Bug

SafeMoon, a cryptocurrency token, has become a victim of a security breach, which led to the loss of $8.9 million from its liquidity pool. Hackers exploited a newly created “burn” smart contract function to inflate the price of the token, enabling them to sell it at an exorbitant price. The SafeMoon team confirmed the attack and stated that it is currently working on resolving the issue.

What are liquidity pools in DeFi platforms?

DeFi platforms have become increasingly popular in the cryptocurrency world as they provide a decentralized and secure way of trading cryptocurrencies. Liquidity pools are large deposits of funds (cryptocurrency) that facilitate trading, provide market liquidity, and generally allow exchanges to function without borrowing from a third party. These pools are an essential part of DeFi platforms as they enable traders to buy and sell cryptocurrencies easily.

SafeMoon’s security breach

SafeMoon confirmed the security incident on Twitter and stated that it is currently working on resolving the issue. The attack occurred on Tuesday, March 28, and affected the SFM:BNB liquidity pool but not the platform’s exchange. The CEO of SafeMoon, John Karony, stated that they have located the suspected exploit, patched the vulnerability, and are engaging a chain forensics consultant to determine the precise nature and extent of the exploit. He also assured users that their tokens remain safe and that the other LP pools on the DEX have not been affected, nor have any of the platform’s upcoming upgrades and releases.

Details of the exploit – burn bug

Blockchain security experts PeckShield shared more details about the vulnerability exploited by the hacker to carry out the $8.9 million heist against SafeMoon. According to PeckShield, a recent update introduced a new SafeMoon smart contract function that burns tokens. Unfortunately, the function was mistakenly set to public without restrictions, allowing anyone to execute it as they wished. The SafeMoon team had previously stated that this system would only be used for emergencies, such as when the liquidity pool would face risks with malicious smart contracts, excessive slippage, and other transient losses.

The hacker used the function to burn large amounts of SafeMoon tokens, causing the token's price to shoot up. As soon as the price increased, another address sold SafeMoon at the manipulated price, draining $8.9 million from the SafeMoon:WBNB liquidity pool.
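
To illustrate the flaw PeckShield describes, the following Python model (an added example, not SafeMoon's contract code) contrasts an unrestricted burn function with one that checks the caller. The account names, the reserve figures, the constant-product pricing and the choice of the pool's own balance as the one burned are assumptions of the model.

```python
from fractions import Fraction

class Unauthorized(Exception):
    """Raised when a caller may not burn the requested balance."""

class Token:
    """Toy token ledger; 'guarded' selects the restricted burn()."""
    def __init__(self, owner, balances, guarded):
        self.owner = owner
        self.balances = dict(balances)
        self.guarded = guarded

    def burn(self, caller, holder, amount):
        # Restricted variant: only the owner, or the holder itself,
        # may destroy that holder's tokens.
        if self.guarded and caller not in (self.owner, holder):
            raise Unauthorized(f"{caller} may not burn from {holder}")
        if amount <= 0 or amount > self.balances.get(holder, 0):
            raise ValueError("invalid burn amount")
        self.balances[holder] -= amount

def spot_price(token, pool, base_reserve):
    """Marginal price of one token in base units for a constant-product
    pool whose token reserve is its balance on the token ledger."""
    return Fraction(base_reserve, token.balances[pool])

def unauthorized_burn_effect(guarded):
    """Return (rejected, price multiplier) when an unrelated caller
    tries to burn 90% of the pool's token balance."""
    token = Token("team", {"pool": 1_000_000, "user": 500}, guarded)
    base_reserve = 1_000  # constructed base-asset reserve
    before = spot_price(token, "pool", base_reserve)
    try:
        token.burn(caller="stranger", holder="pool", amount=900_000)
        rejected = False
    except Unauthorized:
        rejected = True
    after = spot_price(token, "pool", base_reserve)
    return rejected, after / before

if __name__ == "__main__":
    for guarded in (False, True):
        rejected, mult = unauthorized_burn_effect(guarded)
        print(f"guarded={guarded}: rejected={rejected}, price x{mult}")
```

In the unrestricted variant the quoted price rises tenfold without any trade taking place; with the caller check the call is rejected and the price is unchanged.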

The aftermath of the burn bug attack

A few hours after the attack, the actor who converted the SafeMoon to BNB claimed they were not the initial hacker but “accidentally performed a front run” after the price was artificially inflated due to the exploit of the burn() function. While it is not clear if the owner of this wallet is the same person who exploited the bug, they offered to return the stolen funds to SafeMoon. They left a comment on the transaction, saying, “Hey relax, we are accidentally frontrun an attack against you, we would like to return the fund, set up a secure communication channel, let’s talk.”

Since then, the person has transferred 4,000 Binance Coins (BNB), worth $1,264,440.00, to another address, making the front run look less accidental.