Decentralized Finance exchange SafeMoon [SFM] has lost millions of dollars following a compromised liquidity pool. which allowed hackers to exploit the BNB Chain-based DEX. The exploit took place on 29 March and drained $8.9 million from the liquidity pool. According to Dappd CEO @MoonMark_ on Twitter, hackers took advantage of the “public burn function” in SafeMoon’s newest contract. This function reportedly allows to burn tokens from any other address. DeFi Mark, who is also a Solidity developer, tweeted that the attacker used said bug to remove SFM tokens from the SafeMoon WBNB Liquidity Pool, which led to the artificial inflation of the token’s price. Data gathered by blockchain security firm PeckShield revealed that the hacker was able to sell the massively overpriced SFM tokens back into the liquidity pool within the same transaction, thereby draining the remaining wBNB in the pool. This method is fairly common among hackers and has been seen in several exploits. CEO John Karony clarified that the decentralized exchange was safe and that the exploit was limited to the SFM WBNB liquidity pool. He added that the DEX’s team had met with key advisors and formulated a plan to protect token holders and the community. Interestingly, in the hours following the exploit, the hackers reportedly attached a note in one transaction, stating that they wanted to return the exploited funds. According to PeckShield, the hackers had already returned 4000 Binance Coin [BNB] worth over $1.2 million.
Full story : SafeMoon [SFM]: Hackers say ‘relax’ as DEX loses millions in exploit.