Decentralized finance (DeFi) platform SafeMoon suffered a liquidity pool breach caused by a bug in a public function of its token contract, which allowed an attacker to drain wrapped BNB (WBNB) from the protocol. SafeMoon confirmed the attack on Twitter and stated that it was taking immediate steps to resolve the issue. However, it did not provide any details about the incident.
According to blockchain security firm PeckShield, the bug was introduced during the last contract upgrade initiated by the official SafeMoon Deployer, and the admin key might have been leaked.
Meanwhile, web3 developer DeFi Mark explained that the attacker exploited the public burn function, which let any user burn tokens from any address. By burning SFM, SafeMoon’s native token, held in the WBNB liquidity pool, the attacker artificially spiked the price of SFM.
Then, the attacker sold the overpriced SFM tokens into the same liquidity pool, draining the remaining WBNB. Mark estimated SafeMoon lost $8.9 million due to an “extremely obvious exploit.”
“This is a very basic exploit that many crypto contracts have been vulnerable to. It’s not a good idea to let any user burn tokens from any address,” Mark warned.
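The mechanism Mark describes can be modelled in a few lines. The following is an added example, not SafeMoon's contract code: a toy Python model of a token whose burn either accepts any holder address or only the caller's own, paired with a fee-less constant-product pool. The class names, the `simulate` helper and all reserve figures are constructed assumptions.

```python
# Toy model of the flaw described above. All names and numbers are constructed
# for illustration; they are not SafeMoon's contract code or real reserves.
class Token:
    def __init__(self, balances, restrict_burn):
        self.balances = dict(balances)
        self.restrict_burn = restrict_burn  # True = hardened variant

    def burn(self, caller, holder, amount):
        # Hardened form: a caller may only burn its own balance.
        if self.restrict_burn and caller != holder:
            raise PermissionError("caller may only burn its own tokens")
        if self.balances[holder] < amount:
            raise ValueError("burn exceeds balance")
        self.balances[holder] -= amount

class Pool:
    """Fee-less constant-product pair (sfm * wbnb = k)."""
    def __init__(self, token, wbnb):
        self.token, self.wbnb = token, wbnb
        self.sfm = token.balances["pool"]

    def sync(self):
        # The pair re-reads its real token balance, so a burn changes the price.
        self.sfm = self.token.balances["pool"]

    def price(self):
        return self.wbnb / self.sfm  # WBNB per SFM

    def sell_sfm(self, seller, amount):
        k = self.sfm * self.wbnb
        self.token.balances[seller] -= amount
        self.token.balances["pool"] += amount
        self.sfm += amount
        out = self.wbnb - k / self.sfm
        self.wbnb -= out
        return out

def simulate(restrict_burn):
    """Return (burn_blocked, price_before_sale, wbnb_paid_out)."""
    token = Token({"pool": 1_000_000, "trader": 1_000}, restrict_burn)
    pool = Pool(token, wbnb=1_000.0)
    try:
        token.burn(caller="trader", holder="pool", amount=999_000)
        pool.sync()
        blocked = False
    except PermissionError:
        blocked = True
    return blocked, pool.price(), pool.sell_sfm("trader", 1_000)
```

With these constructed numbers, a holder of 0.1% of the SFM reserve receives 500 of the pool's 1,000 WBNB when the burn is unrestricted, against under 1 WBNB when the third-party burn is rejected.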
The attack on SafeMoon highlights the risks associated with DeFi platforms and the importance of robust security measures. DeFi projects have attracted significant attention from investors, and the sector has witnessed explosive growth over the past year.
However, DeFi platforms are still in their early stages, and many projects are vulnerable to security breaches and smart contract exploits. As such, investors must conduct thorough due diligence before investing in DeFi projects and ensure that they understand the risks involved.
Additionally, DeFi projects must prioritize security and implement robust security measures to safeguard users’ funds and prevent similar incidents from occurring in the future.