Safemoon

SafeMoon Hack — March 28-29, 2023

Incident Overview

On the morning of March 29th, 2023, SafeMoon's Liquidity Pool was compromised and USD 8.9M worth of tokens were withdrawn.

Root Cause

A recent update introduced a new SafeMoon smart contract function that burns tokens, and the function was mistakenly set to public without restrictions, allowing anyone to execute it as they wished. The hacker utilized the function to burn large amounts of SafeMoon tokens, causing the price of the token to shoot up in price, and as soon as the price increased, another address sold SafeMoon at the manipulated price, draining $8.9 million from the SafeMoon:WBNB liquidity pool.

Aftermath and Recovery

A few hours after the exploit, the attackers posted a message in the transaction suggesting they were willing to return the funds, and PeckShield reported that they had already sent 4,000 BNB worth $1.2 million. After negotiations with the SafeMoon team, the hacker agreed to return only 80% ($7 million) of the stolen liquidity and kept $2 million of the stolen tokens.

Sources

• https://www.halborn.com/blog/post/explained-the-safe-moon-hack-march-2023

• https://www.zellic.io/blog/safemoon-exploit-explained/

• https://www.bleepingcomputer.com/news/cryptocurrency/safemoon-burn-bug-abused-to-drain-89-million-from-liquidity-pool/

• https://www.coindesk.com/tech/2023/03/29/safemoon-lp-exploited-for-89m-sfm-tokens-remain-safe-ceo-says

• https://beincrypto.com/safemoon-token-burn-exploit-liquidity-pool-attackers-talk/

• https://www.theblock.co/post/223547/safemoon-liquidity-pair-compromised-in-8-9-million-hack

• https://immunebytes.com/blog/safemoon-exploit-mar-28-2023-detailed-analysis/