The decentralized finance project SafeMoon, which was
exploited in March, resulting in a net loss of $8.9 million in BNB BNB
tickers down $242 , has been charged by the United States
Securities and Exchange Commission (SEC) for security
rules violations and fraud.
The funds associated with the exploit have been on the
move via centralized exchanges (CEXs), with blockchain
analytic firm Match Systems believing the transfers could
become critical for law enforcement agencies.
Sean Thornton from Match Systems told Cointelegraph that
it suspects CEXs were used as an intermediate link in the
money laundering chain:
“On CEXs, funds could be exchanged for other tokens and withdrawn further, and accounts on a CEX could be registered for drops (dummy persons). Taking into account the fact that it is almost impossible to trace the movement of funds through a CEX without a request from law enforcement agencies, a CEX is a more preferable option than a DEX [decentralized exchange] for a hacker to gain time and confuse paths.”
Match Systems carried out a post-mortem of the SafeMoon smart contract and the subsequent movement of funds to analyze the behavior of the exploiters. The analysis revealed that the hacker exploited a vulnerability in SafeMoon’s contract associated with the “Bridge Burn” feature, allowing anyone to call the “burn” function on SafeMoon (SFM) tokens at any address. These attackers used the vulnerability to transfer other users’ tokens to the developer’s address.
Ad The transfer made by exploiters resulted in 32 billion
SFM tokens being sent from SafeMoon’s liquidity pool
address to SafeMoon’s deployer address. This led to an
instant pump in the value of tokens. The exploiter used
the price pump to swap some of the SFM tokens for BNB at
an inflated price. As a result, 27,380 BNB were
transferred to the hacker’s address.
Match System found that the smart contract vulnerability
was not present in the previous version and only came in
with the new update on March 28, the day of the exploit,
leading many to believe an insider was involved. These
speculations gained more fuel by Nov. 1 as the SEC filed
charges against the SafeMoon project and three of its
executives, accusing them of committing fraud and
violating securities laws.
Thornton told Cointelegraph that the SEC accusations are
not unfounded, and they also found evidence that may
indicate the involvement of SafeMoon management in the
hacking that occurred. He added that whether this was done
intentionally or as a result of employee negligence will
be determined by law enforcement.
The SEC alleges that the CEO of SafeMoon, John Karony, and
the chief technical officer, Thomas Smith, embezzled
investor cash and withdrew $200 million in assets from the
enterprise. The SafeMoon executives are also facing
charges from the U.S. Justice Department for conspiring to
commit wire fraud, money laundering and securities fraud.
The hacker behind the attack initially claimed they had
mistakingly exploited the protocol and wanted to set up a
communication channel to return 80% of the funds. Since
then, the funds linked to the exploits have moved many
times via CEXs like Binance, which the analytic firm
believes will be critical for law enforcement agencies to
track down the perpetrators of the exploit.