Crypto news: Safemoon crypto project got hacked and stolen $8.9M- Security Compromised
The SafeMoon token liquidity pool (LP) lost $8.9 million after a hacker exploited a vulnerability in ‘burn’ smart contract function. According to the blockchain security company, PeckShield, the hacker took advantage of the public burn bug on safemoon’s latest software version.
SafeMoon is a cryptocurrency and blockchain company founded in 2021 functioning on building blockchain, commerce, metaverse, and NFT products. Safemoon has a token that trades on BNB Chain. The products in the SafeMoon ecosystem include wallet, safemoonV2- 2nd version of the SafeMoon Protocol Contract.
Safemoon gained momentum from endorsements from celebrities including Nick Carter, Soulja Boy, and social media influencers like Jake Paul and Ben Phillips.
What is a Liquidity Pool?
A Liquidity Pool is a collection of large deposits of digital assets (cryptocurrency) locked in a smart contract that facilitates trading, borrowing, and lending without depending on any third parties and by providing essential liquidity to decentralized exchanges.
How did the Liquidity pool get hacked?
Some developers suspect that the burn feature on Safemoon’s smart contract is the main reason behind the exploit. The phisher artificially inflated the price and took all the SFM tokens from the liquidity pool using the burn loophole and sold the tokens at a high price. After the incident, the investors are concerned about the security and legitimacy of Safemoon.
Safemoon CEO John Karony said in a tweet that the exploit was related to a single Liquidity pool on BNB Chain and the DEX is safe and they are trying to resolve the issue as soon as possible.
Some of the Recent Hacks in 2023
A lot of attacks have been recorded in the cryptocurrency industry in recent times. Hackers were more concentrated on Decentralized Finance (DeFi) than on Centralized exchanges (CEX) as per the recent data. According to Crystal Blockchain, DeFi protocols have been hacked more times than on CEX. Hackers have stolen $119 million in 19 breaches.
- One of the biggest phishing this year was February’s Bonq DAO, a decentralized borrowing protocol, draining almost $88 million by compromising the protocol’s smart contract.
- Next on the list was the attack on Platypus Finance protocol, causing stablecoin de-pegging and losing almost $9 million in funds. However, the police were able to track and arrest the hackers.
- A noncustodial lending protocol, Euler Finance (a DeFi Protocol) encountered a flash loan attack in march and the attackers stole over $197M in multiple transactions, making it one of the largest hacks in 2023. The cryptocurrencies include wrapped Bitcoin (wBTC), Lido-staked ETH (stETH), and USDC.
The attackers deposited the funds and leveraged them twice by taking advantage of the bug in the protocol’s software, they stole all the money without repaying the loan.
Flash loans are a type of crypto loan but without any collateral and are executed by smart contracts and need to be paid back in full. The condition is that the borrower needs to pay back the loan before the transaction ends or the smart contract reverses the transaction.
As per crypto analytics firm Meta Seluth, the attacker makes use of multiple bridges to transfer their assets from the BNB Smart Chain to Ethereum.
- Phishers eyed the popular play-to-earn game Axie Infinity and stole nearly $615M from Sky Mavis the publisher of the game. However, Norwegian police seized 60M kroner worth of cryptocurrency that was stolen by the North Korean Lazarus hacking group.
- Kevin Rose, the co-founder of Moonbirds, an NFT token collection, lost more than $1.1M worth of his personal NFTs. Kevin was phished into signing a malicious signature that gave the hacker access to his tokens.
How to be cautious of NFT Scams in 2023
- Non-fungible tokens (NFTs) are prone to various attacks including pump-and-dump scams, phishing scams, bidding scams, Rug-pull scams, etc.
- Do proper research while purchasing NFTs and buy only on legitimate sites and never share your keys and passwords with anyone or to any website. Be cautious while logging into sites and try to avoid clicking suspicious links.
- Fraudsters will access your NFT account wallet and drain your assets even before you realize it.
- Be cautious when you are participating in NFT Airdrops or giveaways as they may ask you to sign up and then provide a link to enter your wallet details and loot all your assets in a fraction.
- Be aware of fake NFT projects in the market, and only invest in the project after having a better knowledge of their goals, team members, and partners. Read their whitepaper to get an idea of their vision and mission and other related information.
- Create a strong password and two-factor authentication to be more secure.
- Store your digital assets in a cold storage wallet if possible.
“Never share your wallet or private key details with anyone”
Investors need to be more cautious and should be aware of the risks in the industry before investing in the crypto market.
Despite the challenges, Cryptocurrency and Blockchain have the potential to revolutionize the financial industry and bring major transformation to the crypto space. As it is a booming industry they are prone to more attacks and data breaches.
Indeed, this will help the industry to identify its flaws and become stringent in the coming years and stay ahead of frauds and other attacks. A lot of crypto projects are focusing on providing a better experience to investors and developers alike without compromising security.