Cyber thieves stole $8.9 million from cryptocurrency company SafeMoon after exploiting a recently introduced vulnerability affecting the company’s liquidity pool.
Liquidity pools are hefty cryptocurrencies locked in smart contracts that provide liquidity to decentralized finance (DeFi) exchanges.
However, the SFM:BNB pool operated by SafeMoon was compromised on March 28, said the company’s CEO, John Karony.
Read more about the crypto heist: Attackers steal $618 million from crypto companies.
“In the next few hours, our team met with key advisors and agreed on a plan to protect token holders and the community. We are working with chain forensic consultants to determine the extent and scope.” Carony explained.
“Users should be assured that their tokens are secure. We believe that the flexibility of our technology will solve this problem.”
Calony claimed that the company’s exchange was not affected, nor were any other pools run by the company or its SafeMoon wallet.
A recently introduced update appears to have been responsible for the bug exploited in this attack.
“The attackers utilized the public burn() function, which allowed users to burn tokens from other addresses. We removed the SFM token and artificially increased the price of SFM.” Dappd CEO Description“DeFiMark” on Twitter.
“The attackers then sold SFM to this LP at a very high rate within the same transaction, wiping out any remaining WBNB in the liquidity pool.”
Interestingly, the actor claiming responsibility for the attack seems to say now They did it wrong and want their funds back. However, this could simply be a delay tactic while laundering stolen cryptocurrencies.
