Safemoon Liquidity Pool Compromised: Almost Lost $8.9 million Due To A Public Burn Bug
Almost $9 million worth of SFM tokens was depleted from the Safemoon token liquidity pool on Wednesday after hackers exploited a security flaw in its smart contracts.
According to the data from Blockchain, it shows that several tokens were exchanged early Wednesday in a single transaction stealing billions of SFM tokens locked in its liquidity pools. It seems that the hackers took advantage of a public burn function that led them to burn tokens from any other address. Moreover, the hackers have removed SFM tokens from the Safemoon-WBNB Liquidity Pool using this function and fraudulently inflating SFM’s price and selling it at an overpriced rate.
Due to the attack, the SFM token fell over 40% within 24 hours of the attack but now recovering at this time of writing.
As per the hackers, they have accidentally front-run an attack against Safemoon and would like to return the fund and set up a secure communication channel.
A few hours after the attack, the hackers attached a note on one of the transactions stating that they want to return the stolen funds. In fact, according to Peckshield, the hackers have returned 4000 BNB (Binance coin) worth over $1.2 million. In addition, Safemoon announced that the other LP pool on the DEX is safe and was not affected by the attack.
Safemoon is a DeFi token that runs on four functions; fee reflection, LP acquisition, token burn, and growth fund. This project also aims to provide investors a chance to earn interest in their holdings through these functions. Safemoon was one of the biggest gainers in the 2021 bull market.