Attackers Steal $8.9M Using Publicly Available Token Burning Feature – Here’s the Latest
A hacker has made off with $8.9 million worth of digital assets after exploiting a vulnerability in the BNB Chain-based DeFi exchange Safemoon.
According to crypto security firm Peckshield, the attacker exploited a public burning feature introduced in the latest upgrade.
The feature included a bug that allowed the hacker to compromise the project’s liquidity pool and drain nearly $9 million worth of assets.
Web3 developer DeFi Mark explained that the attacker used the vulnerability to remove SafeMoon (SFM) tokens from the liquidity pool, causing an artificial increase in the token’s price.
The attacker then took advantage of the situation and sold tokens at the inflated price.
“The attacker used this feature to remove SFM tokens from the Safemoon-WBNB Liquidity Pool, artificially raising the price of SFM,” the crypto guru said.
“The attacker was then able to sell SFM to this LP at a grossly overpriced price within the same transaction, wiping out the remaining WBNB in the liquidity pool.”
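The price effect described above can be reproduced with a small constant-product pool model. This is an added example, not Safemoon's contract code, which the article does not show: the class and function names, the pool sizes, the fee-free pricing and the assumption that the burn lacked a caller check are all constructed for illustration.

```python
from fractions import Fraction

class BurnNotAuthorized(Exception):
    """Raised when a caller tries to burn tokens it does not hold."""

class Token:
    # Constructed toy ledger; "pool" stands for the liquidity pair's address.
    def __init__(self, balances):
        self.balances = dict(balances)

    def burn_public(self, caller, holder, amount):
        # Assumed model of the flawed feature: no check that caller == holder.
        self.balances[holder] -= amount

    def burn_own(self, caller, holder, amount):
        # Hardened form: a caller can only destroy its own balance.
        if caller != holder:
            raise BurnNotAuthorized(f"{caller} cannot burn from {holder}")
        if amount > self.balances[holder]:
            raise ValueError("burn exceeds balance")
        self.balances[holder] -= amount

class Pool:
    # Constant-product (x * y = k) pair, fees omitted for clarity.
    def __init__(self, token, wbnb):
        self.token, self.wbnb = token, Fraction(wbnb)

    def sfm_reserve(self):
        # The pair prices against the token balance it actually holds.
        return Fraction(self.token.balances["pool"])

    def spot_price(self):
        return self.wbnb / self.sfm_reserve()

    def wbnb_out(self, sfm_in):
        # WBNB paid out for selling sfm_in tokens into the pool.
        return self.wbnb * sfm_in / (self.sfm_reserve() + sfm_in)

def price_impact(burn_name, burn_amount=999_000, sell=9_000):
    # Returns (price before, price after, WBNB paid for the sale).
    token = Token({"pool": 1_000_000, "outsider": sell})  # constructed values
    pool = Pool(token, wbnb=1_000)
    before = pool.spot_price()
    try:
        getattr(token, burn_name)("outsider", "pool", burn_amount)
    except BurnNotAuthorized:
        pass  # hardened burn leaves the pool's reserve untouched
    return before, pool.spot_price(), pool.wbnb_out(sell)
```

With the unchecked burn the same 9,000-token sale is quoted 900 of the pool's 1,000 WBNB instead of roughly 8.9, which is why a burn path must never be able to reduce a balance the caller does not own.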
In a recent tweet, the team behind Safemoon confirmed the hack, noting that the project’s LP was compromised.
Without disclosing further details about the attack, SafeMoon said it was taking steps “to resolve the issue as soon as possible.”
Safemoon describes itself as a community-driven DeFi protocol with a deflationary utility token, SFM. It uses the BEP-20 token standard and is built on the Binance Smart Chain (BSC).
The project was launched in the first quarter of 2021 and came with several features, such as static rewards, liquidity pool acquisition and a burning strategy.
Notably, the project was previously supported by a number of high-profile celebrities and social influencers such as Jake Paul and Soulja Boy.
However, the project has been at the center of scandals and legal issues recently.
A February 2022 lawsuit alleged that musicians such as Nick Carter, Soulja Boy and Lil Yachty, and YouTubers Jake Paul and Ben Phillips, misled investors into buying SafeMoon (SFM) tokens with the promise of unrealistic profits, mimicking real-life Ponzi schemes.
Safemoon Leadership Under Fire
In May of last year, internet detective Coffeezilla made a series of allegations against SafeMoon’s founder, lead developer and CEO, alleging that management used funds intended for SafeMoon’s liquidity pool to enrich themselves.
SafeMoon’s founder, who is known as Kyle and about whom very little information is available, allegedly copied the code of another, smaller project called Bee Token to create SafeMoon.
By analyzing SafeMoon’s wallets and blockchain activity, the researcher found that founder Kyle had been slowly withdrawing funds since the project’s inception. He said at the time:
“The total amount of SafeMoon that entered Kyle’s wallet was 164 trillion tokens. Fast forward to mid-September to mid-December, this brought him just under $10.3 million.”
After Kyle stepped aside, lead developer Thomas “Papa” Smith took over as the project’s leader.
However, Coffeezilla revealed in the investigation that Smith also took $143 million from the project’s liquidity pool over 18 transactions.