Cyber thieves have stolen $8.9 million from cryptocurrency firm SafeMoon after exploiting a recently introduced vulnerability affecting the firm’s liquidity pool.
Liquidity pools are large sums of cryptocurrency locked in a smart contract, providing liquidity for decentralized finance (DeFi) exchanges.
However, the SFM:BNB pool operated by SafeMoon was compromised on March 28, according to John Karony, the company’s CEO.
Read More About Cryptocurrency Heists: Attackers Steal $618M From Crypto Firm.
“In the hours since, our team has met with key advisors to agree on a plan that will protect token holders and the community. We located the suspected exploit, patched the vulnerability and are engaging a Chain Forensics consultant to determine the exact nature and scope of the exploit,” explained Karony.
“Users should be assured that their tokens remain secure. As our technology is flexible, we are confident that we will be able to bring this matter to a resolution.”
Karony claimed that the company’s exchange was not affected, nor any other pools operated by the company or its SafeMoon wallet.
A recent update appears to have been the cause of the flaw exploited in this attack.
“The attacker used the public function burn(), this function let any user burn tokens from any other address. The attacker used this feature to remove SFM tokens from the SFM:BNB liquidity pool, artificially inflating the price of SFM,” Dappd CEO explained to DeFiMark on Twitter.
“The attacker was then able to sell SFM to this LP in the same transaction at a grossly overpriced rate, wiping out the remaining WBNB in the liquidity pool.”
Interestingly, the actor who blames himself for the attack now appears to be saying he carried it out in error and wants to return the money. However, this could simply be a delaying tactic while they launder the stolen crypto.
Learn Crypto Trading, Yield Farms, Income strategies and more at CrytoAnswers
Comments are closed.