DEX SafeMoon Exploited for $9 Million
SafeMoon, a decentralized exchange (DEX) on BNB Chain, is the latest victim of a DeFi hack: attackers siphoned off nearly $9 million from one of the platform’s liquidity pools.
Late on Tuesday, March 28th, the SafeMoon developer announced to the community that one of the platform’s liquidity pools (LPs) had been compromised. The announcement read:
“To the @SAFEMOON community: We want to inform you that our LP has been compromised.
We are taking swift action in an attempt to resolve the issue as soon as possible. Follow here for updates.
Thank you for your support as we work to address this situation.”
— SafeMoon (@safemoon) March 28, 2023
The Recent Update Introduced a Bug
According to the blockchain security firm PeckShield, the latest update to SafeMoon might have introduced a so-called public burn bug. The firm believes that this bug enabled the hacker to burn most of the SFM tokens held in the SafeMoon SFM/BNB liquidity pool, artificially raising the token’s price so that the contract’s WBNB could be drained in one transaction.
Hi @safemoon The upgrade, with the exploited public burn bug, was initiated by the official SafeMoon: Deployer. (Admin key leak?) And here comes the upgrade tx. https://t.co/ffAhm9qhgG https://t.co/KYEiYxMRII pic.twitter.com/9CQhseircP
— PeckShield Inc. (@peckshield) March 28, 2023
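A simplified model of the public burn bug described above, added here as an illustration and not taken from SafeMoon's contracts. The classes, account names and reserve figures are constructed assumptions; the model shows how a burn that any caller can apply to the pool's balance moves the quoted price, how an authorization check stops it, and a one-sided reserve check a monitor could run.

```python
# Added illustration: a toy model, not SafeMoon's code. All names and numbers are constructed.
from dataclasses import dataclass, field

@dataclass
class Token:
    owner: str
    guarded: bool                       # True = burn() checks who is calling
    balances: dict = field(default_factory=dict)

    def burn(self, caller: str, holder: str, amount: int) -> None:
        # Hardened rule: only the holder or the owner may burn a holder's balance.
        if self.guarded and caller not in (holder, self.owner):
            raise PermissionError("burn: caller not authorized for this balance")
        if amount > self.balances.get(holder, 0):
            raise ValueError("burn exceeds balance")
        self.balances[holder] -= amount

@dataclass
class Pool:
    token: Token
    wbnb_reserve: int
    address: str = "pair"

    def price(self) -> float:
        # Spot price in WBNB per token, taken from the pool's live token balance.
        return self.wbnb_reserve / self.token.balances[self.address]

def price_after_third_party_burn(guarded: bool, burn_percent: int = 99):
    """Return (price_before, price_after, rejected) for a burn by a non-owner."""
    token = Token(owner="deployer", guarded=guarded, balances={"pair": 1_000_000})
    pool = Pool(token, wbnb_reserve=1_000)
    before = pool.price()
    try:
        token.burn("outsider", "pair", 1_000_000 * burn_percent // 100)
        rejected = False
    except PermissionError:
        rejected = True
    return before, pool.price(), rejected

def one_sided_reserve_drop(prev_token: int, cur_token: int,
                           prev_wbnb: int, cur_wbnb: int,
                           max_drop: float = 0.5) -> bool:
    # A swap changes both reserves; a large fall in the token reserve with the
    # WBNB reserve untouched is the pattern a monitor should alert on.
    return cur_wbnb == prev_wbnb and cur_token < prev_token * (1 - max_drop)

if __name__ == "__main__":
    print("unguarded:", price_after_third_party_burn(guarded=False))
    print("guarded:  ", price_after_third_party_burn(guarded=True))
```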
On Wednesday, March 29th, John Karony confirmed the exploit and noted that the incident affected only the SFM/BNB LP. All other LPs and the SafeMoon protocol are safe, and the engineering team has patched the vulnerability.
“In the hours since, our team has met with key advisors to agree on a plan that protects token holders and the community. We have located the suspected exploit, patched the vulnerability, and are engaging a chain forensics consultant to determine the precise nature and extent of the exploit.”
The protocol’s native SFM token dropped sharply, falling more than 16% in the last 24 hours.
The Hacker is Ready to Return the Funds
In an interesting development some hours later, PeckShield shared a screenshot of BscScan data of a transaction involving the SafeMoon hacker. In the note, the hacker said they had accidentally attacked the protocol and were ready to negotiate and return the funds. The note reads:
“Hey, relax, we accidentally frontrun an attack against you, we would like to return the fund, setup secure communication channel, lets talk.”
#PeckShieldAlert Safemoon exploiter: Hey relax, we are accidently frontrun an attack against you, we would like to return the fund, setup secure communication channel , lets talk https://t.co/ylHpIiFmrl
And the exploiter has transferred 4k $BNB to 0x237d5 https://t.co/45wnrxzixa pic.twitter.com/BMxHOBvbjF
— PeckShieldAlert (@PeckShieldAlert) March 29, 2023
However, there is no update or confirmation on whether the SafeMoon team is in talks with the hacker(s).