SafeMoon Exchange Loses $9M in Potential ‘Rug Pull’ Scam

Key Takeaways:

• SafeMoon exchange hack resulted in an $8.9 million fund loss.
• The culprit exploited the public burn feature.
• Evidence suggests the hack might be a rug pull.

YEREVAN (CoinChapter.com) — SafeMoon (SFM), a crypto exchange operating atop the Binance Smart Chain (BSC), lost $8.9 million in a hacking attack on its “public burn” feature this March 28. However, evidence suggests the exploit could be a “rug pull” — an inside job.

How Hackers Exploited SafeMoon

The SafeMoon public burn function enables users to burn SFM tokens from any address. The attacker employed this loophole to remove SFM tokens from the Safemoon-WBNB [wrapped BNB] Liquidity Pool, which, in turn, artificially raised the SFM price.

Then the culprit dumped the overpriced SFM into the liquidity pool, wiping out the remaining WBNB.

This is an extremely elementary exploit that many contracts in the space have been falling victim to.

commented @MoonMark.

However, the attacker left a message saying:

Also read: CFTC Suit Can Destroy BinaAs a result, the, One of the Last Crypto Exchanges Standing Astound.

“Hey, relax. We are accidentally front-run an attack against you; we would like to return the fund, set up a secure communication channel, and let’s talk.”

Was SafeMoon rugged?

In detail, a rug pull is an intentional scam. The project leaders deliberately lure naive investors to deposit funds onto their platform, then disappear shortly after with the money. However, it is not clear whether the exploit was, in fact, a rug pull.

Also read: Why is Bitcoin Trending Amid Violent Protests in France?

However, a blockchain security and data analytics company PeckShield asserted that “the upgrade, with the exploited public burn bug, was initiated by the official SafeMoon: Deployer.” The company also linked the official text of the upgrade on the BSCScan.

PeckShield then asserted that SafeMoon did NOT audit the contract, which led followers to suggest the hack was not an exploit but rather a rug pull.

Further statements by the official SafeMoon channels could clarify the situation.