- SafeMoon has fallen prey to a token burn bug exploit in its smart contract.
- The team issued a community alert, acknowledging the incident and assuring users they were working on a solution.
- A staggering $8.9M was recently drained from SafeMoon due to the apparent exploit.
SafeMoon, a DeFi project with a community-driven focus, suffered an exploit due to a token burn bug in the smart contract, as reported by security firms. The project’s team issued a community alert on March 29th, revealing the compromised liquidity pool.
Hi @safemoon The upgrade, with the exploited public burn bug, was initiated by the official SafeMoon: Deployer. (Admin key leak?) And here comes the upgrade tx. https://t.co/ffAhm9qhgG https://t.co/KYEiYxMRII pic.twitter.com/9CQhseircP
— PeckShield Inc. (@peckshield) March 28, 2023
In response to the exploit, SafeMoon has acknowledged the issue and assured its users that it is taking the necessary steps to address the problem. However, the project has not provided any further details regarding the incident.
SafeMoon’s CEO, John Karony, who goes by the name CptHodl on Twitter, retweeted the initial statement regarding the exploit on his account but did not provide any additional comments.
According to DeFi Mark, a Web3 developer, a staggering $8.9 million was recently drained from SafeMoon due to the apparent exploit in its latest contract.
#Safemoon was just hacked for $8.9M.
After two minutes looking at the newest Safemoon contract, I was able to identify the extremely obvious exploit.
The attacker took advantage of the public burn() function, this function let any user burn tokens from ANY other address (code… pic.twitter.com/bovlyVoq1i
— DeFi Mark (@MoonMark_) March 28, 2023
The public burn() function allowed any user to burn tokens from any other address. The attacker used it to remove SFM tokens from the SafeMoon-WBNB liquidity pool, artificially inflating the price of SFM.
In the same transaction, the attacker sold SFM into this LP at the inflated rate, wiping out the remaining WBNB in the liquidity pool. Unfortunately, this basic exploit has been used on multiple contracts within the space, underscoring the importance of not allowing users to burn tokens from arbitrary addresses.
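The missing authorization check and its effect on pool pricing can be reproduced in a small model. The following is an added example, not SafeMoon's contract code and not part of the original article: a simplified Python ledger with a flawed and a hardened `burn`, plus a fee-free constant-product quote. All names, balances and the pricing formula are assumptions chosen for illustration.

```python
# Simplified model (constructed): a token ledger plus a constant-product pool
# whose SFM reserve is simply the token balance held by the pool address.
class Unauthorized(Exception):
    pass

class Token:
    def __init__(self, balances, hardened):
        self.balances = dict(balances)
        self.allowances = {}          # (owner, spender) -> amount
        self.hardened = hardened

    def approve(self, owner, spender, amount):
        self.allowances[(owner, spender)] = amount

    def burn(self, caller, account, amount):
        # Hardened rule: burn only your own balance, or spend an allowance
        # the owner granted (the burnFrom pattern). The flawed variant skips it.
        if self.hardened and caller != account:
            allowed = self.allowances.get((account, caller), 0)
            if allowed < amount:
                raise Unauthorized(f"{caller} may not burn from {account}")
            self.allowances[(account, caller)] = allowed - amount
        if self.balances.get(account, 0) < amount:
            raise ValueError("burn exceeds balance")
        self.balances[account] -= amount

def wbnb_out(token, pool, wbnb_reserve, sfm_in):
    """WBNB paid for selling sfm_in into the pool (x*y=k, fees ignored)."""
    sfm_reserve = token.balances[pool]
    return wbnb_reserve * sfm_in // (sfm_reserve + sfm_in)

def scenario(hardened):
    """Return (quote before, quote after) for the same 10_000 SFM sell."""
    token = Token({"pool": 1_000_000, "outsider": 10_000}, hardened)
    before = wbnb_out(token, "pool", 1_000, 10_000)
    try:
        token.burn("outsider", "pool", 999_000)   # third party burns pool tokens
    except Unauthorized:
        pass                                       # hardened token rejects it
    return before, wbnb_out(token, "pool", 1_000, 10_000)

if __name__ == "__main__":
    print("flawed  :", scenario(hardened=False))
    print("hardened:", scenario(hardened=True))
```

In the flawed variant the same sell is quoted roughly a hundred times more WBNB after the burn, while the hardened variant leaves the quote unchanged. A regression test asserting that a third-party burn reverts would catch this class of bug before an upgrade ships.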
According to CoinMarketCap data, SafeMoon's native token SFM has tanked by over 13% in the previous 24 hours, lowering its price to $0.0002051. This indicates that the SafeMoon community is reacting negatively to the developments. It remains to be seen, however, how the team will respond to the community’s concerns and take further steps to prevent such incidents from occurring in the future.