Hacker Steals $9M from SafeMoon

  • SafeMoon said that only its SFM:BNB liquidity pool (LP) was affected, and that it had located the suspected exploit, and patched the vulnerability.
  • The bug was allegedly introduced with the latest SafeMoon upgrade, and allowed the attacker to burn the majority of SFM in the pool, artificially inflating its price.


The liquidity pool (LP) of BNB Chain-based crypto exchange SafeMoon has been compromised, with the attacker draining close to $9 million worth of assets from the platform, the company said via Twitter on 29 March.

While SafeMoon did not release a lot of information regardin the exploit, on-chain data shows the attacker was able to transfer approximately 27,000 BNB tokesn (around $8.9 million) out of its liquidity pool. The CEO of the decentralized exchange (DEX), John Karony, assured users that the platform had “taken swift action to resolve the situation”, and that the exploit only affected the SFM:BNB liquidity pool. Karony noted:

“I want to assure you that the other LP pools on the DEX have not been affected, and nor have any of our upcoming upgrades and releases. I also want to assure you that the SafeMoon Wallet, secured by Orbital Shield, continues to be a safe place to store your crypto.”

Although Karony did not reveal how the exploit happened, SafeMoon had already “located the suspected exploit” and patched the vulnerability. Blockchain security firm PeckShield, however, said its investigation pointed to a recent software upgrade — which introduced a public burn function that allowed users to burn tokens from other addresses — as the potential culprit to introduce the bug.

Using this bug, the attacker was able to artificially raise the price of the SFM token using a code function, and in the same transaction sold enough SFM tokens back to the liquidity pool to effectively drain the BNB from the contract.

Launched in 2021, SafeMoon received a lot of attention from numerous celebrities who backed the project, including musicians such as Nick Carter, Soulja Boy, Lil Yachty, and YouTubers Jake Paul and Ben Phillips. In February 2022, however, a lawsuit alleged that these celebrities mimicked Ponzi schemes by misleading the public to purchase tokens from SafeMoon under the pretext of high profits.

Related Coverage
Unibot to Compensate Users Affected by Exploit
  • Popular Telegram bot Unibot, which is used to snipe trades on Uniswap, became a victim of a token approval exploit earlier today, when it was switching to a new router.
  • After confirming the exploit, Unibot assured users that their keys and wallets were safe, and that the project will compensate all affected users.
October 31, 2023, 3:01 PM


Balancer Exploited After Giving Warning
  • DeFi protocol Balancer confirmed it was exploited almost a week after disclosing a critical vulnerability affecting several of its boosted pools.
  • The platform did its best to mitigate some of the risks but was unable to pause the affected pools, and an estimated $980,000 in DAI were stolen in an attack.
Zunami Protocol’s Stablecoin Pools Exploited, Suffers $2.1M Loss
  • DeFi yield aggregator Zunami Protocol confirmed that a hacker had attacked its “zStables” pools on Curve Finance using a price manipulation exploit.
  • Security firm PeckShield has estimated that over $2.1 million was lost during the attack, while SlowMist said it had informed Zunami of the vulnerability two months ago.