Safemoon Hack
Incident Overview
The liquidity pool (LP) for the DeFi project SafeMoon has been compromised, according to a statement from the project on Twitter on March 28.
SafeMoon's LP was compromised due to a contract upgrade that introduced a public burn bug, allowing anyone to destroy tokens. The upgrade was initiated by the deployer contract, and there is a possibility of an admin key leak. After that, the complex attack tx was executed and gain a profit of about 28,364 WBNB.
Stolen funds were transferred to the 0x237d wallet. The cause of the issue has not been confirmed by SafeMoon, and it is unclear if any cryptocurrency has been stolen or recovered.
Upgrade proxy tx:
https://bscscan.com/tx/0x71273e73…c1c01d
Exploit tx:
https://bscscan.com/tx/0x48e52a12…33a934
Funds were transferred to the wallet:
https://bscscan.com/address/0x237d5859…e622ed
Incident Report
Protocol Information
What the Attacker Needed to Succeed
Understanding the prerequisites for this type of attack helps auditors identify protocols that are most at risk and helps developers build better defenses.
What Auditors Should Check
If you're auditing a protocol with similar architecture to Safemoon, these are the critical security checks that could have prevented this incident (March 2023).
- Verify all logic paths related to Access Control Exploit / Access Control are guarded by proper access controls and input validation - see the Access Control Attacks attack class for patterns
- Review privileged functions (owner, admin, governance) for potential abuse vectors - centralization risks should be documented and bounded with timelocks or multi-sigs
Master these auditing techniques with hands-on labs and real exploit scenarios in the Smart Contract Hacking course.
Free TrialSecurity Audit History
- HashEx Report
Related Attack Classes
The technique used in this hack maps to these vulnerability classes in our security curriculum:
Proof-of-Concept Exploits
On-Chain Evidence & References
- Twitter/X Alert https://twitter.com/zokyo_io/status/1641014520041840640
Sources & References
- 01
- 02
- 03
- 04
Learn to Prevent the Next Safemoon
The Safemoon hack is one of many attacks that skilled auditors are trained to detect before deployment. Master real exploit patterns and defense techniques with hands-on Web3 security training.