Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label SafeMoon. Show all posts

SafeMoon: Threat Actors Exploit the “Burn” Bug, Stealing $8.9M From Liquidity Pool


The SafeMoon token liquidity pool lost $8.9 million, after a threat actor took advantage of a recently developed "burn" smart contract function that artificially inflate the token price, enabling the actors to sell SafeMoon at a much higher price. 

SafeMoon confirmed the incident, stating on Twitter that it was working to fix the issue. In another follow up announcement, the company's CEO, John Karony, gave some details on the event, saying that the "DEX is safe" and that it "ultimately affected the SFM:BNB LP pool." 

"We have located the suspected exploit, patched the vulnerability, and are engaging a chain forensics consultant to determine the precise nature and extent of the exploit," reads Karony’s statement. 

"Users should be assured that their tokens remain safe. I want to assure you that the other LP pools on the DEX have not been affected, and nor have any of our upcoming upgrades and releases," the announcement continues. 

Details of the Exploit 

PeckShield, a Blockchain security company has released more details in regard to the vulnerability exploited by the attackers to organize the $9 million heist against SafeMoon. 

According to PeckShield, a new SafeMoon smart contract feature, that burns tokens was recently introduced. Unfortunately, the function was mistakenly implemented for public use with no restriction, enabling anyone to use it however they pleased. 

According to earlier statements by Karony, this approach would only be employed in extreme circumstances, such as when the liquidity pool would be threatened by malicious smart contracts, significant slippage, or other transient losses. 

The threat actor made use of this function to burn huge amounts of SafeMoon tokens, which caused the token's price to skyrocket. 

As soon as the price rose, SafeMoon was sold at the inflated price by a different address, depleting the SafeMoon: WBNB liquidity pool of $8.9 million. Following the attack, the hackers apparently converted SafeMoon to BNB. 

Interestingly, researchers discovered a remark appended to a transaction from the second address, stating they were not the original hackers but “accidentally performed a front run” as the price was artificially inflated as a result of the burn() function exploit. The comment seems like an attempt to establish a communication channel between parties: “Hey relax, we are accidently front-run an attack against you, we would like to return the fund, setup secure communication channel , lets talk.” 

Additionally, the wallet owner has since transferred 4,000 Binance Coins (BNB), which are currently worth $1,261,972.52. Although it could appear to be a gesture of goodwill, researchers reacted to the transfer with skepticism, questioning the validity of the second wallet owner's assertions that he was unrelated to the original exploiter.