The cryptocurrency industry has unfortunately fallen prey to a multitude of hacks and scams. Perpetrators have exploited even the smallest vulnerabilities in various projects to loot significant sums of funds. DeFi hacks in particular have been on the rise as attackers keep DeFi projects on their radar.
The latest victim of a DeFi hack is SafeMoon. Attackers breached SafeMoon’s smart contracts, allowing them to loot over $8.9 million worth of tokens. The attack was soon identified, and the team took to its Twitter account to address it.
Soon after the attack, John Karony, the CEO of SafeMoon, addressed the community about the incident. He reassured the community that the DEX and tokens are safe. Karony also mentioned that other LP pools have not been affected.
To our valued community,
As you may be aware, on Tuesday 28 March, SafeMoon’s Liquidity Pool was compromised. We have taken swift action to resolve the situation and protect our community. I want to make clear that our DEX is safe. This ultimately affected the SFM:BNB LP pool.…
— John Karony (@CptHodl) March 29, 2023
What was the vulnerability that caused the SafeMoon exploit?
Twitter user and web3 developer DeFi Mark took to his Twitter account to explain what caused the exploit. He stated that looking at the newest SafeMoon smart contract helped him identify the obvious cause. Mark highlighted that the attacker took advantage of the public burn function to carry out the attack. The public burn function lets users burn tokens from any other address.
#Safemoon was just hacked for $8.9M.
After two minutes looking at the newest Safemoon contract, I was able to identify the extremely obvious exploit.
The attacker took advantage of the public burn() function, this function let any user burn tokens from ANY other address (code… pic.twitter.com/bovlyVoq1i
— DeFi Mark (@MoonMark_) March 28, 2023
Mark stated that by utilizing this specific function, the attacker successfully withdrew SFM tokens from the Safemoon-WBNB Liquidity Pool, thereby inflating the price of SFM. Taking advantage of this situation, the perpetrator was able to sell SFM back into the same LP at an outrageous price, effectively depleting the remaining WBNB in the liquidity pool. He also mentioned that this has become an elementary exploit in the DeFi space, and warned against letting any user burn tokens from any address.
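The access-control gap described above, as an added Python model that is not SafeMoon's contract code: an unchecked burn beside a hardened one, and the effect each has on a pool that prices from its live token balance. The class and function names, the allowance rule in the hardened form, the pricing rule and all numbers are assumptions constructed for illustration.

```python
from fractions import Fraction


class Token:
    """Toy token ledger (hypothetical model, not the on-chain contract)."""

    def __init__(self, balances):
        self.balances = dict(balances)
        self.allowances = {}  # (holder, spender) -> amount the spender may burn

    def approve(self, holder, spender, amount):
        self.allowances[(holder, spender)] = amount

    def burn_unchecked(self, caller, holder, amount):
        # The flaw the article describes: caller is never compared with holder.
        self._debit(holder, amount)

    def burn_checked(self, caller, holder, amount):
        # Hardened form: burn your own tokens, or spend an explicit allowance.
        if caller != holder:
            allowed = self.allowances.get((holder, caller), 0)
            if allowed < amount:
                raise PermissionError("caller may not burn this holder's tokens")
            self.allowances[(holder, caller)] = allowed - amount
        self._debit(holder, amount)

    def _debit(self, holder, amount):
        if amount <= 0 or self.balances.get(holder, 0) < amount:
            raise ValueError("invalid burn amount")
        self.balances[holder] -= amount


def spot_price(token, pool, wbnb_reserve):
    # WBNB per SFM, assuming the pool prices from its current token balance.
    return Fraction(wbnb_reserve, token.balances[pool])


def demo():
    # Constructed numbers: a pool holding 1,000,000 SFM against 100 WBNB.
    results = {}
    for name in ("burn_unchecked", "burn_checked"):
        token = Token({"pool": 1_000_000, "outsider": 0})
        before = spot_price(token, "pool", 100)
        try:
            getattr(token, name)("outsider", "pool", 990_000)
            rejected = False
        except PermissionError:
            rejected = True
        # (was the call rejected?, price after / price before)
        results[name] = (rejected, spot_price(token, "pool", 100) / before)
    return results
```

With the unchecked burn the pool's quoted price moves by a factor of 100 without any trade taking place; with the checked burn the call is rejected and the price is unchanged.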
SafeMoon recently provided an update on the exploit, stating that they are trying to find a full resolution to the situation. The team also said that they “will be reintroducing liquidity to their LP as soon as is practical, but some account features may be limited during this period.”