Decentralized Finance exchange SafeMoon [SFM] has lost millions of dollars following a compromised liquidity pool. which allowed hackers to exploit the BNB Chain-based DEX. The exploit took place on 29 March and drained $8.9 million from the liquidity pool.
According to Dappd CEO @MoonMark_ on Twitter, hackers took advantage of the “public burn function” in SafeMoon’s newest contract. This function reportedly allows to burn tokens from any other address. DeFi Mark, who is also a Solidity developer, tweeted that the attacker used said bug to remove SFM tokens from the SafeMoon WBNB Liquidity Pool, which led to the artificial inflation of the token’s price.
<p lang=«en» dir=«ltr» xml:lang=«en»>#Safemoon was just hacked for $8.9M.After two minutes looking at the newest Safemoon contract, I was able to identify the extremely obvious exploit.
The attacker took advantage of the public burn() function, this function let any user burn tokens from ANY other address (code… pic.twitter.com/bovlyVoq1i
— DeFi Mark (@MoonMark_) March 28, 2023
Data gathered by blockchain security firm PeckShield revealed that the hacker was able to sell the massively overpriced SFM tokens back into the liquidity pool within the same transaction, thereby draining the remaining wBNB in the pool. This method is fairly common among hackers and has been seen in several exploits.
<p lang=«en» dir=«ltr» xml:lang=«en»>It seems last upgrade introduced a public burn bug. https://t.co/tQhBOP59q3 https://t.co/uH3kscGzzP pic.twitter.com/TUKLig5kIg— PeckShield Inc. (@peckshield) March 28, 2023
SafeMoon has assured its users that it was taking:
“Swift actions in an attempt to resolve the issue.”
CEO John Karony clarified that the decentralized exchange was safe and
Read more on ambcrypto.com