SafeMoon is a reflective token project that was launched in March 2021, but it suffered a loss of $9 million due to a loophole in the protocol that was exploited. On March 29, John Karony, the CEO of SafeMoon, informed the community that the protocol had been attacked the day before. He clarified that although a SafeMoon liquidity pool was compromised, the decentralized exchange (DEX) was safe, and the attack only affected the SFM/BNB pool. The team acted quickly to resolve the issue and protect the community.
$9 Million Attack Causes SafeMoon Price to Drop
After the attack on SafeMoon’s liquidity pool, the team worked quickly to fix the vulnerability. PeckShield reported that the flaw was introduced through a smart contract update. The attacker exploited the vulnerability to drain approximately $9 million from the SFM/BNB pool by massively withdrawing SFM tokens from the pool. This led to an artificial price increase, which the hacker used to resell the tokens. The massive sale resulted in a 40% drop in the price of SFM tokens.
After the hack, the hacker reportedly contacted the SafeMoon teams via an on-chain message, admitting to carrying out a front-run attack and offering to return the funds by saying: “Hey, relax, we accidentally carried out a front-run attack on you, we would like to return the fund to you, establish a secure communication channel, let’s talk about it.”
They also transferred 4,000 BNB, equivalent to over $1.2 million, to a separate address. SafeMoon teams have been urged to open a communication channel with the hacker.
SafeMoon Hack Reignites a Debate on Smart Contracts
Many internet users have renewed the debate on the immutability of smart contracts after the flaw in the SafeMoon protocol. Initially, smart contracts were immutable to increase user trust by reducing the risk of interference and manipulation. However, following attacks like The DAO, more protocols have been using evolving contracts with proxy smart contracts, allowing for correcting programming errors. But as seen in the SafeMoon incident, the ability to update a smart contract can lead to security issues, making it vulnerable to malicious or unwanted modifications.