Safemoon LP Exploited for $8.9M; SFM Tokens Remain ‘Safe,’ CEO Says
Join the most important conversation in crypto and Web3 taking place in Austin, Texas, April 26-28.
:format(jpg)/s3.amazonaws.com/arc-authors/coindesk/6c6bb5af-692c-4fcf-9f8b-a75d0549effd.png)
Shaurya is the Co-Leader of the CoinDesk tokens and data team, focusing on decentralized finance, markets, on-chain data, and governance across all major and minor blockchains.
Join the most important conversation in crypto and Web3 taking place in Austin, Texas, April 26-28.
The Safemoon token liquidity pool (LP) was drained of nearly $9 million worth of tokens on Wednesday after attackers manipulated a faulty feature on its smart contracts.
Blockchain data shows several tokens were exchanged in the wee hours on Wednesday in a single transaction, with the attacker ultimately stealing billions of Safemoon’s SFM tokens locked on an LP.
A liquidity pool is a basket of tokens locked in a smart contract. Liquidity pools are used to facilitate decentralized trading, lending, and borrowing between users without relying on third parties.
Safemoon’s SFM tokens fell over 40% in early Asian hours before slightly recovering at writing time.
Safemoon is a decentralized finance (DeFi) token that has four functions that take place during each trade: fee reflection, LP acquisition, token burn and growth fund – with these factors contributing to making safemoon one of the biggest gainers in the 2021 bull market.
Safemoon developers said Wednesday their liquidity pair (LP) had been compromised. “We want to inform you that our LP has been compromised. We are taking swift action in an attempt to resolve the issue as soon as possible,” developers tweeted.
Safemoon CEO John Karony said in a follow-up tweet the exploit was related to a single LP on BNB Chain.
“I want to make clear that our DEX is safe. This ultimately affected the SFM:BNB LP pool,” Karony said. “We have located the suspected exploit, patched the vulnerability, and are engaging a chain forensics consultant to determine the precise nature and extent of the exploit.”
Some developers pointed to a faulty burn feature on Safemoon’s smart contracts as a key reason behind the exploit.
“The attacker took advantage of the public burn function, this function let any user burn tokens from ANY other address (code attached),” Dappd CEO DeFi Mark posted on Twitter.
“The attacker used this function to remove SFM tokens from the Safemoon-WBNB Liquidity Pool, artificially raising the price of SFM,” DeFi Mark noted, adding this was an “extremely elementary exploit that many contracts in the space have been falling victim to.”
Edited by Greg Ahlstrand.
DISCLOSURE
Please note that our
privacy policy,
terms of use,
cookies,
and
do not sell my personal information
has been updated
.
The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a
strict set of editorial policies.
CoinDesk is an independent operating subsidiary of
Digital Currency Group,
which invests in
cryptocurrencies
and blockchain
startups.
As part of their compensation, certain CoinDesk employees, including editorial employees, may receive exposure to DCG equity in the form of
stock appreciation rights,
which vest over a multi-year period. CoinDesk journalists are not allowed to purchase stock outright in DCG
.
Shaurya is the Co-Leader of the CoinDesk tokens and data team, focusing on decentralized finance, markets, on-chain data, and governance across all major and minor blockchains.
Learn more about Consensus 2023, CoinDesk’s longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to consensus.coindesk.com to register and buy your pass now.
Shaurya is the Co-Leader of the CoinDesk tokens and data team, focusing on decentralized finance, markets, on-chain data, and governance across all major and minor blockchains.
