Connect with us

DeFi News

DEX SafeMoon Exploited for $9 Million




SafeMoon, a decentralized exchange (DEX) on BNB Chain, is the latest victim of DeFi hacks as hackers siphoned off nearly $9 million from a liquidity pool of the platform.

SafeMoon developer, on late Tuesday, March 28th, announced to the community that one of its platform’s liquidity pools (LPs) has been compromised. The announcement read:

“To the @SAFEMOON community: We want to inform you that our LP has been compromised.

We are taking swift action in an attempt to resolve the issue as soon as possible. Follow here for updates.”

The Recent Update Introduced a Bug

According to the blockchain security firm PeckShield, the last update to the SafeMoon might have introduced a so-called public burn bug. The firm believes that this bug enabled the hacker to burn most SFM tokens in the Safemoon SFM/BNB LP pool, artificially raising the token’s price so the contract’s WBNB could be drained in one transaction.

John Karony, on Wednesday, March 29th, confirmed the exploit and noted that the incident only affected the SFM: BNB LP. All other LPs and the SafeMoon protocol are safe, and the engineering team has patched the vulnerability.

Karony said:

“In the hours since, our team has met with key advisors to agree on a plan that protects token holders and the community. We have located the suspected exploit, patched the vulnerability, and are engaging a chain forensics consultant to determine the precise nature and extent of the exploit.”

The protocol’s native SFM token jolted down as it has fallen more than 16% in the last 24 hours.

The Hacker is Ready to Return the Funds

In an interesting development some hours later, PeckShield shared a screenshot of BscScan data of a transaction involving the SafeMoon hacker. In the note, the hacker said they had accidentally attacked the protocol and were ready to negotiate and return the funds. The note reads:

“Hey, relax, we accidentally frontrun an attack against you, we would like to return the fund, setup secure communication channel, lets talk.”

However, there is no update or confirmation on whether the SafeMoon team is in talks with the hacker/s.