Safemoon LP Exploited for $8.9M; SFM Tokens Remain ‘Safe,’ CEO Says

A publicly available token burn function in the contract allowed attackers to manipulate the protocol, some said.

Mar 29, 2023 at 5:58 a.m. UTC
Updated Mar 29, 2023 at 2:45 p.m. UTC

The Safemoon token liquidity pool (LP) was drained of nearly $9 million worth of tokens on Wednesday after attackers manipulated a faulty feature on its smart contracts.

Blockchain data shows several tokens were exchanged in the wee hours on Wednesday in a single transaction, with the attacker ultimately stealing billions of Safemoon’s SFM tokens locked on an LP.

A liquidity pool is a basket of tokens locked in a smart contract. Liquidity pools are used to facilitate decentralized trading, lending, and borrowing between users without relying on third parties.

Safemoon’s SFM tokens fell over 40% in early Asian hours before slightly recovering at the time of writing.

Safemoon is a decentralized finance (DeFi) token that has four functions that take place during each trade: fee reflection, LP acquisition, token burn and growth fund – with these factors contributing to making Safemoon one of the biggest gainers in the 2021 bull market.

Safemoon developers said Wednesday their liquidity pool had been compromised. “We want to inform you that our LP has been compromised. We are taking swift action in an attempt to resolve the issue as soon as possible,” developers tweeted.

Safemoon CEO John Karony said in a follow-up tweet the exploit was related to a single LP on BNB Chain.

“I want to make clear that our DEX is safe. This ultimately affected the SFM:BNB LP pool,” Karony said. “We have located the suspected exploit, patched the vulnerability, and are engaging a chain forensics consultant to determine the precise nature and extent of the exploit.”

Some developers pointed to a faulty burn feature on Safemoon’s smart contracts as a key reason behind the exploit.

“The attacker took advantage of the public burn function, this function let any user burn tokens from ANY other address (code attached),” Dappd CEO DeFi Mark posted on Twitter.

“The attacker used this function to remove SFM tokens from the Safemoon-WBNB Liquidity Pool, artificially raising the price of SFM,” DeFi Mark noted, adding this was an “extremely elementary exploit that many contracts in the space have been falling victim to.”
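The access-control gap described in the quotes above can be seen in a small model. This is an added example, not Safemoon's contract code and not code from the original article: a simplified Python ledger (the names `Token`, `burn_unrestricted`, `burn_checked` and `spot_price`, and all balances, are constructed assumptions) that compares a burn function which never checks its caller with one that requires ownership or an allowance, and reports what each does to the pool's implied price.

```python
from fractions import Fraction

class Unauthorized(Exception):
    """Caller has no right to burn from the target account."""

class Token:
    def __init__(self, balances):
        self.balances = dict(balances)
        self.allowances = {}  # (owner, spender) -> remaining amount

    def approve(self, owner, spender, amount):
        self.allowances[(owner, spender)] = amount

    def burn_unrestricted(self, caller, account, amount):
        # Flawed pattern from the article: `caller` is never compared to `account`.
        self._debit(account, amount)

    def burn_checked(self, caller, account, amount):
        # Hardened: burn your own tokens, or another account's only within allowance.
        if caller != account:
            allowed = self.allowances.get((account, caller), 0)
            if allowed < amount:
                raise Unauthorized(f"{caller} may not burn {amount} from {account}")
            self.allowances[(account, caller)] = allowed - amount
        self._debit(account, amount)

    def _debit(self, account, amount):
        if amount <= 0 or self.balances.get(account, 0) < amount:
            raise ValueError("invalid amount or insufficient balance")
        self.balances[account] -= amount

def spot_price(sfm, wbnb_reserve, pool="POOL"):
    # Simplifying assumption: price is WBNB held divided by SFM held by the pool.
    return Fraction(wbnb_reserve, sfm.balances[pool])

def demo():
    # Constructed sample values, not on-chain data.
    results = {}
    for name in ("burn_unrestricted", "burn_checked"):
        sfm = Token({"POOL": 1_000_000, "outsider": 10})
        before = spot_price(sfm, 1_000)
        try:
            getattr(sfm, name)("outsider", "POOL", 900_000)
            rejected = False
        except Unauthorized:
            rejected = True
        results[name] = (rejected, spot_price(sfm, 1_000) / before)
    return results
```

`demo()` returns, per burn variant, whether the third-party burn was rejected and the factor by which the pool's implied price changed; a contract review or unit test can assert the same property, that a burn targeting an account other than the caller fails without an allowance.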

Edited by Greg Ahlstrand.



CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. In November 2023, CoinDesk was acquired by the Bullish group, owner of Bullish, a regulated, digital assets exchange. The Bullish group is majority-owned by; both companies have interests in a variety of blockchain and digital asset businesses and significant holdings of digital assets, including bitcoin. CoinDesk operates as an independent subsidiary with an editorial committee to protect journalistic independence. CoinDesk employees, including journalists, may receive options in the Bullish group as part of their compensation.

Shaurya Malwa

Shaurya is the Deputy Managing Editor for the Data & Tokens team, focusing on decentralized finance, markets, on-chain data, and governance across all major and minor blockchains.