- Anker recalls three power banks due to fire risk - stop using them now
- iOS 18.1 public beta arrives with Apple Intelligence - how to try it now
- Trying to break OpenAI's new o1 models? You might get banned
- I swapped my favorite $300 Bose earbuds for a $50 pair. Here's how the two compared
- I replaced my Shokz with these bone conduction headphones - and won't be going back
Thieves Steal $9m from Crypto Liquidity Pool
Cyber-thieves have stolen $8.9m from cryptocurrency firm SafeMoon after exploiting a recently introduced vulnerability affecting the firm’s liquidity pool.
Liquidity pools are large sums of cryptocurrency locked in a smart contract that provide liquidity to decentralized finance (DeFi) exchanges.
However, the SFM:BNB pool run by SafeMoon was compromised on March 28, according to the firm’s CEO, John Karony.
Read more on cryptocurrency heists: Attackers Steal $618m From Crypto Firm.
“In the hours since, our team has met with key advisors to agree a plan that protects token holders and the community. We have located the suspected exploit, patched the vulnerability, and are engaging a chain forensics consultant to determine the precise nature and extent of the exploit,” Karony explained.
“Users should be assured that their tokens remain safe. Because we have flexibility in our tech, we have faith that we will be able to bring this matter to resolution.”
Karony claimed that the firm’s exchange is not impacted, nor are other pools run by the firm or its SafeMoon Wallet.
A recently introduced update appears to have been the cause of the bug that was exploited in this attack.
“The attacker took advantage of the public burn() function, this function let any user burn tokens from any other address. The attacker used this function to remove SFM tokens from the SFM:BNB liquidity pool, artificially raising the price of SFM,” explained Dappd CEO, “DeFiMark,” on Twitter.
“The attacker was then able to sell SFM into this LP at a grossly overpriced rate within the same transaction, wiping out the remaining WBNB in the liquidity pool.”
Interestingly, the actor claiming responsibility for the attack now appears to be saying that they carried it out in error and want to return the funds. However, this could simply be a delaying tactic while they launder the stolen crypto.