Meme Coin Project SafeMoon Rekt for $9M Due to Public Mint Bug

  1. Home
  2. Cryptocurrency
  3. Meme Coin Project SafeMoon Rekt for $9M Due to Public Mint Bug

Meme Coin Project SafeMoon Rekt for $9M Due to Public Mint Bug

| | Cryptocurrency |

A recent upgrade to meme coin SafeMoon’s smart contract saw the project robbed of $8.9 million—and then stolen again.

What happens when a hacker gets front run?

Just three hours after SafeMoon upgraded its smart contracts, an exploiter identified and leveraged a bug in the code that led to the loss of roughly $8.9 million from the memecoin’s liquidity pool.

In a unique turn of events, however, the exploiter that initially leveraged the vulnerability was then quickly front run by another address.

The front runner then sent a message to SafeMoon’s deployer contract to open negotiations: “Hey relax, we are accidentally front run an attack against you, we would like to return the fund, setup secure communication channel, let’s talk.”

What Is SafeMoon and Why Are So Many People Talking About Its New Wallet?

If you’ve scrolled past the #SAFEMOONWALLET hashtag blaring on Twitter today, you may not have realized the token with a $2.5 billion market cap—sometimes derided as a Ponzi—has some actual product news. Cryptocurrency project SafeMoon today opened sign-ups for a closed beta version of its wallet. It’s welcoming 500 users to test the product, which will purportedly hold the SafeMoon token. Since the advent of cryptocurrency, dozens of Bitcoin forks, Ethereum wannabes, and even Dogecoin knockoffs…

Front running is when a crypto address identifies a pending lucrative trade or transaction on the blockchain, such as this exploit, and then pays a very high gas fee to get the same trade or transaction executed before the original.

The front runner later wrote in a transaction to SafeMoon, “Let’s discuss the detail, please send a message from same address containing your email address, and contact us by email: [REDACTED].”

SafeMoon did not immediately respond to Decrypt’s request for comment.

Unpacking the SafeMoon bug

Though it would appear the front runner wants to return the funds to the SafeMoon team, the real concern is how the exploit managed to find its way into the smart contract.

“A public mint bug means the hacker can call the function to burn the liquidity in the pool and then swap for the remaining WBNB,” a spokesperson from PeckShield told Decrypt via Telegram. WBNB is a wrapped version of Binance’s native exchange token BNB, which makes it easier to interact with native BNB Chain applications.

“The hacker basically buys SFM [SafeMoon] at the beginning, next exploits the public mint bug to increase the SFM price, and then sells SFM with the profit >$8.9m,” the spokesperson said.

“It is a trivial bug, really nothing fancy. […] And it should not be present in the upgrade at all.” the PeckShield spokesperson said, “[it is] likely this upgrade is not audited.”

One Twitter user claimed they were able to identify the exploit after two minutes of reviewing SafeMoon’s smart contract.

“The specific bug’s root cause was the lack of proper access control to a function which should be for privileged usage only.” Gonçalo Magalhães, smart contract engineer at Immunefi told Decrypt. “This is a common security vulnerability which is usually caught at the auditing phase of a smart contract.”

This means that people who had their tokens in a liquidity pool (WBNB-SFM) were at risk of losing their tokens. One Twitter user claims they lost 4 million SFM, or roughly $800 at press time.

As for the SafeMoon team, its CEO John Karony said that they hired a chain forensics consultant who located the issue and has reportedly resolved it.

“Users should be assured that their tokens remain safe. Because we have flexibility in our tech, we have faith that we will be able to bring this matter to resolution,” he said.

Tags No Tags

Related Post:

Australian and New Zealand Citizens & Residents Can Now Trade Blocksquare Token with Ease through Stormrake Cryptocurrency Brokers

April 15, 2024 0

NiceHash to Host First Bitcoin Conference in Maribor in Celebration of its 10th Anniversary

April 9, 2024 0

Hypernative joins Flare to proactively safeguard Web3 ecosystem

April 6, 2024 0

Blockhain Sophon Secures $10M in Funding from Renowned Investors While Shrouded in Mystery

March 31, 2024 0

PlayDapp Announces Mainnet Launch: User-Friendly Blockchain for Ecosystem

March 25, 2024 0

Bifrost brings BTCUSD and native Bitcoin staking to Stacks Network with the launch of BTCFi

March 18, 2024 0

Banking Consortium R3 Leads $9M Round in Encrypted Layer 2 on Ethereum

March 16, 2024 0

Conflux Network introduces AxHKD, Hong Kong Dollar-Backed Stablecoin

March 10, 2024 0

Bitcoin Dogs ICO Raises $5.7 Million, Pioneering BRC-20 and Bitcoin Gaming

March 1, 2024 0

Memeinator Blazes Past $4M with Red Apple Tech Partnership News

February 12, 2024 0

Coinbase-Backed DeSo SocialFi App Focus Raises $75 Million in One Week

February 8, 2024 0

InNervation announces “BTCKB” initiative, connecting Nervos CKB and Bitcoin

January 30, 2024 0

Nuvo Unveils Nuscription: Revolutionizing Blockchain Trading

January 21, 2024 0

Tokensoft Partners With Chainwire for Crypto PR Distribution

January 1, 2024 0
How to build an app for your business

How to build an app for your business

January 1, 2024 0

D3 joins forces with Shiba Inu & Viction to launch top-level Web3 domains

December 28, 2023 0

THENA DEX Integrates Orbs’ Liquidity Hub for Enhanced Trading

December 15, 2023 0

Bullish acquires crypto news site CoinDesk in an all-cash deal

November 21, 2023 0


TOP