
Safemoon Liquidity Pool Compromised Thanks To Token Burn Bug


DeFi project Safemoon has announced that its liquidity pool has been compromised, according to a statement on its official Twitter handle. 

So far, the amount of funds stolen due to the exploit remains unknown. 

Liquidity Pool Compromised 

Safemoon stated that it is taking steps to resolve the matter. However, details around the issue remain sketchy at best. 

“We are taking swift action in an attempt to resolve the issue as soon as possible. Follow here for updates. Thank you for your support as we work to address this situation.”

CEO John Karony retweeted the same statement but has not commented further. Safemoon is a Metaverse, blockchain, NFT, and Web 3.0 building and innovation ecosystem. However, the company has been at the center of several controversies since its launch in March 2021.

The Bug In Question 

While Safemoon has remained mum about the incident, several others have commented on the developments. Security firm PeckShield has stated that an update to a contract introduced a burn bug that allowed anyone to destroy tokens. PeckShield stated that the upgrade looked to be initiated by a deployer contract, making it possible that there was an admin key leak. However, the firm could not state how much crypto, if any, has been compromised. 

“Hi @safemoon, The upgrade, with the exploited public burn bug, was initiated by the official SafeMoon: Deployer. (Admin key leak?).”

Meanwhile, Web 3.0 developer DeFi mark stated that SafeMoon was hacked for $8.9 million, adding that he was able to identify an obvious exploit. The public burn function allows users to burn tokens from any other address. The attacker exploited this function to remove SFM tokens from the SafeMoon WBNB Liquidity Pool, artificially inflating the price of the native token. 
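The access-control gap described above can be shown with a toy ledger. This is an added illustration, not SafeMoon's contract code: the class, method names and balances are hypothetical, and it assumes the pool prices the token by the ratio of its two reserves.

```python
# Added illustration: a toy token ledger, not SafeMoon's contract code.
class Unauthorized(Exception):
    pass

class Token:
    def __init__(self, balances):
        self.balances = dict(balances)
        self.allowances = {}  # (holder, spender) -> amount the spender may burn

    def approve(self, holder, spender, amount):
        self.allowances[(holder, spender)] = amount

    def burn_public(self, caller, holder, amount):
        """Flawed shape from the article: nothing ties caller to holder."""
        self._debit(holder, amount)

    def burn_checked(self, caller, holder, amount):
        """Hardened shape: caller must be the holder or hold an allowance."""
        if caller != holder:
            allowed = self.allowances.get((holder, caller), 0)
            if allowed < amount:
                raise Unauthorized(f"{caller} may not burn from {holder}")
            self.allowances[(holder, caller)] = allowed - amount
        self._debit(holder, amount)

    def _debit(self, holder, amount):
        if amount <= 0 or self.balances.get(holder, 0) < amount:
            raise ValueError("invalid burn amount")
        self.balances[holder] -= amount

def spot_price(token, pool, wbnb_reserve):
    """WBNB per token, assuming the pool prices by reserve ratio."""
    return wbnb_reserve / token.balances[pool]

def demo():
    # Constructed sample values, not on-chain data.
    results = {}
    flawed = Token({"pool": 1_000_000, "outsider": 0})
    results["before"] = spot_price(flawed, "pool", 1_000)
    flawed.burn_public("outsider", "pool", 900_000)  # third party shrinks the pool
    results["after_public_burn"] = spot_price(flawed, "pool", 1_000)
    fixed = Token({"pool": 1_000_000, "outsider": 0})
    try:
        fixed.burn_checked("outsider", "pool", 900_000)
        results["checked_rejected"] = False
    except Unauthorized:
        results["checked_rejected"] = True
    results["pool_after_checked"] = fixed.balances["pool"]
    return results

if __name__ == "__main__":
    print(demo())
```

With the check in place the pool balance is untouched, so the quoted price cannot be moved by an address that holds no allowance from the pool.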

Attacker Reaches Out 

Following the news of the exploit, the protocol’s native SFM token tanked, dropping as much as 30%. However, barely hours after the exploit, the attackers responded to a message in the transaction thread, seemingly suggesting that they were willing to return the funds to Safemoon, which indeed they did. Data from PeckShield showed that the attackers had sent 4000 BNB tokens worth $1.2 million.

“Hey, relax. We are accidentally frontrun an attack against you. We would like to return the fund, set up a secure communication channel, lets talk.”

Controversy’s Child 

The attack and subsequent compromise could not have come at a worse time for Safemoon, which had recently been promoting its security offering, Orbital Shield. While the exploit is not related to this product, it does not really inspire confidence in the project’s security products. The protocol has been dogged by controversy since its inception in 2021. In 2022, the protocol came under heavy criticism from YouTuber Coffeezilla, who stated that the project’s former CEO, known only as Kyle, had committed fraud. He also alleged that the current CEO had stolen from his own project. 

The protocol has also been the subject of a number of class action lawsuits, further damaging its reputation. The lawsuits have accused the project of being a pump-and-dump scheme and of violating several securities laws. The SFM token saw a considerable surge when one of the lawsuits was dropped. However, that gain proved to be very short-lived.
