Safemoon LP Exploited for $8.9M; SFM Tokens Remain ‘Safe,’ CEO Says

A publicly available token burn function in the contract allowed attackers to manipulate the protocol, some said.

Mar 29, 2023 at 5:58 a.m. UTC
Updated Mar 29, 2023 at 2:45 p.m. UTC

The Safemoon token liquidity pool (LP) was drained of nearly $9 million worth of tokens on Wednesday after attackers manipulated a faulty feature on its smart contracts.

Blockchain data shows several tokens were exchanged in the wee hours on Wednesday in a single transaction, with the attacker ultimately stealing billions of Safemoon’s SFM tokens locked on an LP.

A liquidity pool is a basket of tokens locked in a smart contract. Liquidity pools are used to facilitate decentralized trading, lending, and borrowing between users without relying on third parties.

Safemoon’s SFM tokens fell over 40% in early Asian hours before recovering slightly at the time of writing.

Safemoon is a decentralized finance (DeFi) token with four functions that take place during each trade: fee reflection, LP acquisition, token burn and growth fund. These factors contributed to making Safemoon one of the biggest gainers in the 2021 bull market.

Safemoon developers said Wednesday their liquidity pool had been compromised. “We want to inform you that our LP has been compromised. We are taking swift action in an attempt to resolve the issue as soon as possible,” developers tweeted.

Safemoon CEO John Karony said in a follow-up tweet that the exploit was related to a single LP on BNB Chain.

“I want to make clear that our DEX is safe. This ultimately affected the SFM:BNB LP pool,” Karony said. “We have located the suspected exploit, patched the vulnerability, and are engaging a chain forensics consultant to determine the precise nature and extent of the exploit.”

Some developers pointed to a faulty burn feature on Safemoon’s smart contracts as a key reason behind the exploit.

“The attacker took advantage of the public burn function, this function let any user burn tokens from ANY other address (code attached),” Dappd CEO DeFi Mark posted on Twitter.

“The attacker used this function to remove SFM tokens from the Safemoon-WBNB Liquidity Pool, artificially raising the price of SFM,” DeFi Mark noted, adding this was an “extremely elementary exploit that many contracts in the space have been falling victim to.”
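The flaw as DeFi Mark describes it, shown as an added Python model that is not Safemoon's contract code and not part of the original article: a burn that never compares the caller with the account being burned, next to a hardened version that requires ownership or an allowance. The constant-product pricing, the addresses and all amounts are constructed assumptions.

```python
# Simplified model (constructed for illustration, not Safemoon's contract code).
class Unauthorized(Exception):
    pass

class Token:
    def __init__(self, balances):
        self.balances = dict(balances)
        self.allowances = {}  # (owner, spender) -> amount the spender may burn

    def approve(self, owner, spender, amount):
        self.allowances[(owner, spender)] = amount

    def burn_unchecked(self, caller, account, amount):
        # Flaw as described: caller is never compared with account.
        if self.balances.get(account, 0) < amount:
            raise ValueError("burn exceeds balance")
        self.balances[account] -= amount

    def burn_checked(self, caller, account, amount):
        # Hardened: burn own tokens, or another account's only within an allowance.
        if caller != account:
            allowed = self.allowances.get((account, caller), 0)
            if allowed < amount:
                raise Unauthorized(f"{caller} may not burn from {account}")
            self.allowances[(account, caller)] = allowed - amount
        self.burn_unchecked(caller, account, amount)

def spot_price(token, pool, wbnb_reserve):
    # Assumed constant-product pool: price of one token in WBNB is the reserve ratio.
    return wbnb_reserve / token.balances[pool]

def demo():
    pool, outsider = "pool", "outsider"      # hypothetical addresses
    token = Token({pool: 1_000_000, outsider: 10})
    wbnb = 1_000                              # constructed WBNB reserve
    before = spot_price(token, pool, wbnb)
    try:
        token.burn_checked(outsider, pool, 900_000)
        rejected = False
    except Unauthorized:
        rejected = True
    after_checked = spot_price(token, pool, wbnb)   # unchanged when rejected
    token.burn_unchecked(outsider, pool, 900_000)   # the missing-check path
    after_unchecked = spot_price(token, pool, wbnb)
    return before, rejected, after_checked, after_unchecked

if __name__ == "__main__":
    print(demo())
```

In a contract review, the equivalent check is that every function reducing a balance derives the affected account from the caller or verifies an allowance first.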

Edited by Greg Ahlstrand.



Shaurya is the Deputy Managing Editor for the Data & Tokens team, focusing on decentralized finance, markets, on-chain data, and governance across all major and minor blockchains.
