Cyber-thieves have successfully executed a heist on cryptocurrency firm SafeMoon, managing to steal a staggering $8.9 million. The theft was made possible by exploiting a recently discovered vulnerability in the firm’s liquidity pool.
Liquidity pools play a crucial role in decentralized finance (DeFi) exchanges by providing a significant amount of cryptocurrency locked in a smart contract. However, SafeMoon’s SFM:BNB pool fell victim to exploitation on March 28, as confirmed by the firm’s CEO, John Karony.
Karony reassured the community that steps are being taken to address the situation and protect token holders. The firm has identified the exploit, patched the vulnerability, and enlisted the help of a chain forensics consultant to investigate the extent of the breach.
Despite the attack, Karony emphasized that the firm’s exchange, as well as other pools and the SafeMoon Wallet, remain unaffected. The vulnerability appears to have stemmed from a recent update, allowing the attacker to manipulate the price of SFM tokens by exploiting the public burn() function.
According to DeFiMark, the attacker exploited the burn() function to remove SFM tokens from the liquidity pool, artificially inflating the token’s price. This enabled them to sell SFM tokens at an inflated rate, depleting the remaining WBNB in the pool.
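The price effect described above can be reproduced with a small pool model, and the same model yields a monitoring check. This is an added example, not code from SafeMoon or DeFiMark; it assumes the pool prices trades with the constant-product rule (x * y = k), ignores fees, and uses constructed reserve figures.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Pool:
    sfm: float   # SFM reserve held by the pool contract
    wbnb: float  # WBNB reserve held by the pool contract

    def spot_price(self) -> float:
        """WBNB per SFM implied purely by the two reserve balances."""
        return self.wbnb / self.sfm

    def sell_sfm(self, sfm_in: float) -> "Pool":
        """Ordinary swap under x * y = k (assumed pricing rule, fees ignored)."""
        k = self.sfm * self.wbnb
        new_sfm = self.sfm + sfm_in
        return Pool(new_sfm, k / new_sfm)

def classify(before: Pool, after: Pool, tol: float = 1e-6) -> str:
    """Label a reserve transition using two invariants.

    A swap moves the price but never lowers k; adding or removing liquidity
    changes k but keeps the price. A transition that lowers k AND moves the
    price matches neither and is reported as an anomaly.
    """
    k_before = before.sfm * before.wbnb
    k_after = after.sfm * after.wbnb
    k_dropped = k_after < k_before * (1 - tol)
    k_changed = abs(k_after / k_before - 1) > tol
    price_moved = abs(after.spot_price() / before.spot_price() - 1) > tol
    if k_dropped and price_moved:
        return "reserve_anomaly"
    if price_moved:
        return "swap"
    if k_changed:
        return "liquidity_change"
    return "no_change"

# Constructed reserves, not figures from the incident.
START = Pool(sfm=1_000_000.0, wbnb=1_000.0)
AFTER_SWAP = START.sell_sfm(10_000.0)
AFTER_LP_EXIT = Pool(sfm=500_000.0, wbnb=500.0)       # half the liquidity withdrawn
AFTER_POOL_BURN = Pool(sfm=100_000.0, wbnb=1_000.0)   # SFM gone, WBNB untouched

if __name__ == "__main__":
    for name, state in [("swap", AFTER_SWAP), ("lp exit", AFTER_LP_EXIT),
                        ("pool burn", AFTER_POOL_BURN)]:
        print(name, classify(START, state), round(state.spot_price(), 6))
```

In the constructed burn case the quoted price rises tenfold although no WBNB entered the pool, which is the transition an on-chain monitor or a pre-deployment invariant test would want to flag.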
Interestingly, the perpetrator behind the attack has expressed a desire to return the stolen funds, claiming the incident was a mistake. However, skepticism remains high, with concerns that this could be a tactic to buy time for laundering the stolen cryptocurrency.
The incident serves as a stark reminder of the risks associated with the burgeoning world of cryptocurrency and DeFi. As the industry continues to evolve, security measures must be rigorously upheld to safeguard against such malicious attacks.