Community-focused decentralized finance (DeFi) project SafeMoon has been exploited. The cause, according to security firms, was a token burn bug in the smart contract.



On March 29, the SafeMoon team alerted the community that their liquidity pool had been compromised.  [not sure if I can add a link or embed the tweet here]




“We are taking swift action in an attempt to resolve the issue as soon as possible. Follow here for updates. Thank you for your support as we work to address this situation.”




However, there were no updates at the time of writing.



SafeMoon is a blockchain, Metaverse, NFT, and web3 building and innovation ecosystem. Nevertheless, the company has been the center of scandals and legal issues since its launch in March 2021.



SafeMoon Burn Bug



According to blockchain security firm PeckShield, an upgrade contained a “public burn bug.” Furthermore, this led to the exploit, which it said may have been caused by an admin key leak.  




Hi @safemoon The upgrade, with the exploited public burn bug, was initiated by the official SafeMoon: Deployer. (Admin key leak?) And here comes the upgrade tx. https://t.co/ffAhm9qhgG https://t.co/KYEiYxMRII pic.twitter.com/9CQhseircP — PeckShield Inc. (@peckshield) March 28, 2023




Web3 developer ‘DeFi Mark’ reported that SafeMoon was hacked for $8.9 million. He added that he was able to identify an “extremely obvious exploit.”



The public burn function lets any user burn tokens from any other address. The attacker used this function to remove SFM tokens from the SafeMoon WBNB Liquidity Pool. This artificially raised the price of Safemoon’s native token.



The attacker sold the SFM into the liquidity pool at a heavily overpriced rate within the same transaction. Consequently, the result was a wipeout of the remaining WBNB in the pool.



However, a few hours after the exploit, the attackers posted a message in the transaction suggesting they were willing to return the funds. PeckShield reported that they had already sent 4,000 BNB worth $1.2 million.




“Hey relax, we are accidently frontrun an attack against you, we would like to return the fund, setup secure communication channel, lets talk.”




SFM Tanks 30%



The SafeMoon native token tanked 30% following the exploit a few hours ago. As a result, SFM is currently trading at around $0.00018.



SFM/USD 24 hours – BeInCrypto



SFM has lost around 32% over the past week and is down 26% over the past six hours or so. Furthermore, the token is down 94.5% since its January 2022 all-time high of $0.00338.
The post SafeMoon Public Token Burn Exploit Wipes Liquidity Pool, Attackers Say ‘Let’s Talk’ appeared first on BeInCrypto .