Halborn logotext

// Blog

Explained: The SafeMoon Hack (March 2023)


Rob Behnke

March 30th, 2023

In March 2023, SafeMoon’s liquidity pool was the victim of an attack. The attackers exploited a vulnerability in the protocol’s contracts to steal approximately $8.9 million.

Inside the Attack

The SafeMoon contract was exploited via a vulnerability that was introduced in the latest upgrade to the protocol. This vulnerability allowed the attackers to drain the project’s SFM/BNB pool.

The vulnerability in question was a publicly-accessible burn function. This function allowed anyone to destroy SFM tokens held within the SFM/BNB pool. A pool has a value that is distributed across the tokens stored within it. Burning tokens contained within the pool increases the perceived value of those tokens that remain.

After changing the price of the SFM token, the attacker deposited SFM tokens into the pool. Since these tokens were perceived as having a higher value, the attacker was able to drain an outsized amount of BNB from the pool, stealing about $8.9 million from the protocol.

The SafeMoon exploiter claimed to be an MEV bot operator that front-run a real attack. As a result, the protocol may be able to reclaim at least a portion of the stolen coins.

Lessons Learned From the Attack

Unprotected burn and mint functions are simple vulnerabilities that place a protocol and its coins at risk. In fact, the error is so fundamental that it was suggested that the real problem might have been a compromised private key that enabled the malicious update.

Unprotected burn functions are vulnerabilities that could have been detected and fixed by a smart contract audit. Before pushing any code to the blockchain, including updates to existing protocols, make sure you get a smart contract audit.