- The most recent upgrade added a public burn feature that allegedly enables users to burn tokens from different addresses.
- Almost $8.9 million in total was lost to the hacker.
After hackers exploited a flaw in the Safemoon token liquidity pool’s smart contracts on Wednesday, the pool lost nearly $8.9 million worth of tokens.
Jake Paul and Soulja Boy previously supported the initiative SafeMoon, which recently disclosed that its liquidity pool (LP) had been compromised. Without providing any additional information regarding the attack, SafeMoon acknowledged it is taking action to resolve the issue as quickly as possible.
Through the use of a code function, the hacker was able to artificially inflate the price of SFM tokens. He then used the same transaction to sell sufficient tokens returned to the liquidity pool to essentially remove WBNB from the contract.
SafeMoon received backing from numerous celebrities in 2021, just like many other cryptocurrency initiatives. But according to a lawsuit filed in February 2022, artists like Nick Carter, Soulja Boy, Lil Yachty, and YouTubers Jake Paul and Ben Phillips imitated real-life Ponzi scams by convincing investors to buy SafeMoon (SAFEMOON) tokens under the guise of unrealistic profits.
According to an investigation into the SafeMoon breach, the attacker stole about 27,000 BNB, totaling $8.9 million. Users can no longer leave remarks on the announcement that disclosed the LP compromise.
In a subsequent post, Safemoon CEO John Karony explained that the exploit was specific to one LP on the BNB Chain. Says Karony
“We have located the suspected exploit, patched the vulnerability, and are engaging a chain forensics consultant to determine the precise nature and extent of the exploit.”
A flaw in the burn function of Safemoon’s smart contracts was cited by some developers as a significant factor in the exploit. DeFi Mark, CEO of Dappd, tweeted:
“The attacker took advantage of the public burn function, this function let any user burn tokens from ANY other address,”
As seen above, the attacker also left a message with the transaction that read:
“Hey relax, we are accidently frontrun an attack against you, we would like to return the fund, setup secure communication channel , lets talk.”
Investors are advised against participating in the project until SafeMoon formally declares a resolution to prevent potential financial loss. As a result, SFM coins for Safemoon experienced a 40% decline in early Asian hours before marginally recovering.