Hacker Steals $9M from SafeMoon

  • SafeMoon said that only its SFM:BNB liquidity pool (LP) was affected, and that it had located the suspected exploit, and patched the vulnerability.
  • The bug was allegedly introduced with the latest SafeMoon upgrade, and allowed the attacker to burn the majority of SFM in the pool, artificially inflating its price.


The liquidity pool (LP) of BNB Chain-based crypto exchange SafeMoon has been compromised, with the attacker draining close to $9 million worth of assets from the platform, the company said via Twitter on 29 March.

While SafeMoon did not release a lot of information regardin the exploit, on-chain data shows the attacker was able to transfer approximately 27,000 BNB tokesn (around $8.9 million) out of its liquidity pool. The CEO of the decentralized exchange (DEX), John Karony, assured users that the platform had “taken swift action to resolve the situation”, and that the exploit only affected the SFM:BNB liquidity pool. Karony noted:

“I want to assure you that the other LP pools on the DEX have not been affected, and nor have any of our upcoming upgrades and releases. I also want to assure you that the SafeMoon Wallet, secured by Orbital Shield, continues to be a safe place to store your crypto.”

Although Karony did not reveal how the exploit happened, SafeMoon had already “located the suspected exploit” and patched the vulnerability. Blockchain security firm PeckShield, however, said its investigation pointed to a recent software upgrade — which introduced a public burn function that allowed users to burn tokens from other addresses — as the potential culprit to introduce the bug.

Using this bug, the attacker was able to artificially raise the price of the SFM token using a code function, and in the same transaction sold enough SFM tokens back to the liquidity pool to effectively drain the BNB from the contract.

Launched in 2021, SafeMoon received a lot of attention from numerous celebrities who backed the project, including musicians such as Nick Carter, Soulja Boy, Lil Yachty, and YouTubers Jake Paul and Ben Phillips. In February 2022, however, a lawsuit alleged that these celebrities mimicked Ponzi schemes by misleading the public to purchase tokens from SafeMoon under the pretext of high profits.

Related Coverage
Exploiter Returns 90% of “Recoverable Funds” to Euler Finance
  • The remaining $31 million worth of crypto assets were returned late on Monday, marking a successful end to Euler Finance’s recovery efforts.
  • The total value of assets returned is a little over $177 million, which is 90% of the “recoverable funds” after adjusting for the 10% bounty previously offered.
April 4, 2023, 3:32 PM


Binance Temporarily Paused Spot Trading Due to a Bug
  • Crypto exchange Binance disabled spot trading for about two hours after its matching engine encountered a bug on a trailing stop order.
  • All services have now been restored, but the platform said that trailing stop orders will be disabled “for the time being”, and existing ones will be cancelled.
Euler Finance Gives $200M Exploiter an Ultimatum
  • DeFi lending protocol Euler Finance has given the exploiter 24 hours to return 90% of the $197 million he stole in a flash-loan attack on Monday.
  • If the funds were not returned in time, the protocol is ready to post a $1 million bounty on any information that could lead to the arrest of the attacker.