The Safemoon liquidity pool (LP) suffered an $8.9 million loss due to a smart contract exploit, but the CEO ensures SFM tokens’ security.
Safemoon’s token liquidity pool (LP) encountered a massive loss. This loss amounted to almost $9 million in tokens, after an attacker exploited a feature in its smart contracts. The blockchain data indicated that multiple tokens were traded in one transaction during the early morning hours. That then led to the theft of billions of Safemoon’s SFM tokens from the LP.
#Safemoon was just hacked for $8.9M.
After two minutes looking at the newest Safemoon contract, I was able to identify the extremely obvious exploit.
The attacker took advantage of the public burn() function, this function let any user burn tokens from ANY other address (code… pic.twitter.com/bovlyVoq1i
— DeFi Mark (@MoonMark_) March 28, 2023
In the decentralized finance (DeFi) landscape, liquidity pools play a crucial role. They act as a collection of tokens locked within smart contracts. These pools facilitate decentralized trading, lending, and borrowing amongst users without the need for middlemen. Safemoon in particular gained significant traction during the 2021 bull market. That was due to its distinctive attributes, such as fee reflection, LP acquisition, token burn, and growth fund.
Subsequent to the attack, Safemoon’s SFM tokens suffered a decline of over 40% in value during the early Asian trading hours. However, they later exhibited signs of recovery.
Safemoon Team and CEO Respond to the Compromise
The Safemoon developers acknowledged the breach of their liquidity pair (LP) on Wednesday. They assured the audience that they were taking swift action to address the issue as promptly as possible. In a tweet, Safemoon CEO John Karony elaborated that the exploit concerned a single LP on the BNB Chain. He maintained that the decentralized exchange (DEX) remained unaffected and secure.
Karony disclosed that the Safemoon team had pinpointed the suspected exploit, rectified the vulnerability, and engaged a chain forensics expert to evaluate the attack’s full scope and impact.
Industry specialists traced the exploit back to a faulty burn feature within Safemoon’s smart contracts.
Hi @safemoon The upgrade, with the exploited public burn bug, was initiated by the official SafeMoon: Deployer. (Admin key leak?) And here comes the upgrade tx. https://t.co/ffAhm9qhgG https://t.co/KYEiYxMRII pic.twitter.com/9CQhseircP
— PeckShield Inc. (@peckshield) March 28, 2023
DeFi Mark, the CEO of Dappd, explained that the attacker capitalized on the public burn function, which permits any user to burn tokens from any other address. The attacker exploited this function to extract SFM tokens from the Safemoon-WBNB Liquidity Pool, artificially inflating the SFM token price. DeFi Mark emphasized that this type of exploit is relatively basic and has plagued many contracts in the sector.
Safemoon CEO Provides Assurance on SFM Tokens’ Security and Ongoing Initiatives
In a message directed toward the Safemoon community, Karony sought to reassure users that their tokens were still secure. He expressed optimism in the team’s capacity to rectify the situation, owing to their technology’s adaptability. He also confirmed that other LP pools remained unharmed and that the incident would not hinder upcoming upgrades and releases. The CEO further emphasized that the Safemoon Wallet, safeguarded by Orbital Shield, continues to provide a secure storage option for users’ crypto assets.
Karony expressed gratitude to the community for their patience and encouragement as the Safemoon team endeavored to address the exploit, advocating for kindness and solidarity during this challenging time.
Safemoon’s ability to thoroughly investigate and remedy the situation is crucial in maintaining user trust and ensuring the continued growth of its smart contracts and DeFi ecosystem. By responding to the issue promptly and with transparency, the Safemoon team demonstrates its dedication to protecting its community and preserving the value of its SFM tokens.