{"id":76368,"date":"2023-03-29T12:21:24","date_gmt":"2023-03-29T09:21:24","guid":{"rendered":"https:\/\/forklog.com\/en\/?p=76368"},"modified":"2025-09-10T17:02:30","modified_gmt":"2025-09-10T14:02:30","slug":"safemoon-dex-loses-about-9m-in-hack","status":"publish","type":"post","link":"https:\/\/u1f987.com\/en\/safemoon-dex-loses-about-9m-in-hack\/","title":{"rendered":"SafeMoon DEX loses about $9m in hack"},"content":{"rendered":"<p>An unknown actor compromised SafeMoon&#8217;s liquidity pool on the BNB Chain and withdrew assets worth about $9 million.<\/p>\n<blockquote class=\\\"twitter-tweet\\\" data-lang=\\\"en\\\">\n<p lang=\\\"en\\\" dir=\\\"ltr\\\">To our valued community,<\/p>\n<p>As you may be aware, on Tuesday 28 March, SafeMoon\u2019s Liquidity Pool was compromised. We have taken swift action to resolve the situation and protect our community. I want to make clear that our DEX is safe. This ultimately affected the SFM:BNB LP pool.\u2026<\/p>\n<p>\u2014 John Karony (@CptHodl) <a href=\\\"https:\/\/twitter.com\/CptHodl\/status\/1640914110350016512?ref_src=twsrc%5Etfw\\\">March 29, 2023<\/a><\/p><\/blockquote>\n<p>The CEO of the platform, John Karony, said the affected liquidity pair was SFM\/BNB.<\/p>\n<blockquote class=\\\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\\\">\n<p>\u201cWe detected a suspected exploit, fixed the vulnerability and engaged an on-chain-forensics consultant to determine the exact nature and scope of the incident\u201d, he noted.<\/p>\n<\/blockquote>\n<p>Karony gave assurances that the hack did not affect other pools or SafeMoon&#8217;s wallet, and that user funds are safe.<\/p>\n<p>PeckShield experts suggested that the bug exploited by the hacker arose from a previous update to the burn function code. 
The vulnerability allowed the attacker to manipulate the price of SFM and, in a single transaction, withdraw <a href=\"https:\/\/u1f987.com\/en\/news\/what-is-a-wrapped-token\">wrapped<\/a> BNB (WBNB) worth nearly $9 million from the contract, according to <a href=\\\"https:\/\/bscscan.com\/tx\/0x48e52a12cb297354a2a1c54cbc897cf3772328e7e71f51c9889bb8c5e533a934\\\">BscScan<\/a>.<\/p>\n<blockquote class=\\\"twitter-tweet\\\" data-lang=\\\"en\\\">\n<p lang=\\\"en\\\" dir=\\\"ltr\\\">Hi <a href=\\\"https:\/\/twitter.com\/safemoon?ref_src=twsrc%5Etfw\\\">@safemoon<\/a> The upgrade, with the exploited public burn bug, was initiated by the official SafeMoon: Deployer. (Admin key leak?) And here comes the upgrade tx. <a href=\\\"https:\/\/t.co\/ffAhm9qhgG\\\">https:\/\/t.co\/ffAhm9qhgG<\/a> <a href=\\\"https:\/\/t.co\/KYEiYxMRII\\\">https:\/\/t.co\/KYEiYxMRII<\/a> <a href=\\\"https:\/\/t.co\/9CQhseircP\\\">pic.twitter.com\/9CQhseircP<\/a><\/p>\n<p>\u2014 PeckShield Inc. (@peckshield) <a href=\\\"https:\/\/twitter.com\/peckshield\/status\/1640855857910149122?ref_src=twsrc%5Etfw\\\">March 28, 2023<\/a><\/p><\/blockquote>\n<p>Several hours after the incident, an unknown actor sent a signed transaction to SafeMoon&#8217;s deployment address:<\/p>\n<blockquote class=\\\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\\\">\n<p>\u201cHey, relax, we accidentally front-ran the attack against you and would like to return the funds. 
Let\u2019s set up a secure channel of communication and talk\u201d.<\/p>\n<\/blockquote>\n<figure class=\\\"wp-block-image size-large\\\"><img loading=\\\"lazy\\\" decoding=\\\"async\\\" width=\\\"1024\\\" height=\\\"118\\\" src=\\\"https:\/\/u1f987.com\/wp-content\/uploads\/image-141-1024x118.png\\\" alt=\\\"image-141\\\" class=\\\"wp-image-202687\\\" srcset=\\\"https:\/\/u1f987.com\/wp-content\/uploads\/image-141-1024x118.png 1024w, https:\/\/u1f987.com\/wp-content\/uploads\/image-141-300x35.png 300w, https:\/\/u1f987.com\/wp-content\/uploads\/image-141-768x88.png 768w\\\" sizes=\\\"auto, (max-width: 1024px) 100vw, 1024px\\\" \/><figcaption>Data: <a href=\\\"https:\/\/bscscan.com\/tx\/0xf98a8b7e3ffee676f06f0c037141483ec2c9cf8753a57fbcdbd718590e4d77ff\\\">BscScan<\/a>.<\/figcaption><\/figure>\n<p>The exchange team began an on-chain messaging thread. The hacker proposed continuing communication via email.<\/p>\n<figure class=\\\"wp-block-image size-large\\\"><img loading=\\\"lazy\\\" decoding=\\\"async\\\" width=\\\"1024\\\" height=\\\"118\\\" src=\\\"https:\/\/u1f987.com\/wp-content\/uploads\/image-141-1024x118.png\\\" alt=\\\"image-141\\\" class=\\\"wp-image-202688\\\" srcset=\\\"https:\/\/u1f987.com\/wp-content\/uploads\/image-141-1024x118.png 1024w, https:\/\/u1f987.com\/wp-content\/uploads\/image-141-300x35.png 300w, https:\/\/u1f987.com\/wp-content\/uploads\/image-141-768x88.png 768w, https:\/\/u1f987.com\/wp-content\/uploads\/image-141.png 1363w\\\" sizes=\\\"auto, (max-width: 1024px) 100vw, 1024px\\\" \/><figcaption>Data: <a href=\\\"https:\/\/bscscan.com\/tx\/0x9335559f951b3ae42218fff473ebd9fdf3231e8e10d157a6b6d629c5a30ba65f\\\">BscScan<\/a>.<\/figcaption><\/figure>\n<p>Earlier, on March 13, an unknown actor <a href=\"https:\/\/u1f987.com\/en\/news\/euler-finance-hacked-for-196-million\">hacked<\/a> the DeFi protocol Euler Finance and withdrew assets worth $196 million, including 85,800 ETH.<\/p>\n<p>However, on March 25 he returned to the project <a 
href=\"https:\/\/u1f987.com\/en\/news\/hacker-behind-euler-finance-breach-returns-more-than-100-million-in-ethereum\">a large portion of the stolen funds<\/a> \u2014 more than 58,700 ETH. Three days later the hacker <a href=\"https:\/\/u1f987.com\/en\/news\/euler-finance-hacker-returns-over-23214-eth-and-10m-in-dai\">continued<\/a> reimbursing the stolen assets, sending Euler Finance 23,214 ETH and $10.7 million in the stablecoin DAI.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>An unknown actor compromised SafeMoon&#8217;s DEX liquidity pool on the BNB Chain and withdrew assets worth about $9 million.<\/p>\n","protected":false},"author":1,"featured_media":76369,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"select":"1","news_style_id":"1","cryptorium_level":"","_short_excerpt_text":"","creation_source":"","_metatest_mainpost_news_update":false,"footnotes":""},"categories":[3],"tags":[1154,787],"class_list":["post-76368","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-analysis","tag-crimes","tag-dex"],"aioseo_notices":[],"amp_enabled":true,"views":"26","promo_type":"1","layout_type":"1","short_excerpt":"","is_update":"","_links":{"self":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/76368","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/comments?post=76368"}],"version-history":[{"count":1,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/76368\/revisions"}],"predecessor-version":[{"id":76370,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/76368\/revisions\/76370"}],"wp:featuredmedia":[{"embeddable":true,"href":"htt
ps:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/media\/76369"}],"wp:attachment":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/media?parent=76368"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/categories?post=76368"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/tags?post=76368"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}