On Mar-28-2023 at 21:17 (UTC), an article was published on Twitter about the compromise of the Safemoon LP, which resulted in the theft of more than $8 million worth of cryptocurrency assets by an intruder.
The Match Systems team investigated the incident and found the following:
The hack was due to a vulnerability in Safemoon's contract associated with the "Bridge Burn" feature, enabling anyone to call the "burn" function on SFM tokens at any address. This allowed attackers to transfer other users' tokens back to the developer.
As a result, almost 32 billion SFM tokens were taken from Safemoon's LP address 0x8e0301e3bde2397449fef72703e71284d0d149f1 on Binance Smart Chain (BSC) and sent to the Safemoon deployer address 0x678ee23173dce625A90ED651E91CA5138149F590. This led to an instant pump in the value of the tokens, which the attacker exploited by swapping some of the SFM tokens for BNB at an inflated price. Consequently, 27380 BNB were transferred to the hacker's address 0x237d58596f72c752a65658585858989348d0fce622ed.
At the time of writing this article, the assets are still held at the same address.
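The class of flaw described above, a burn function that takes the holder's address as a parameter but never checks who is calling, is shown below next to a hardened form. This is an added example and not Safemoon's source code: the contract name, the `burnSink` address and both function names are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Hypothetical minimal token written for illustration; NOT Safemoon's code.
contract BridgeBurnToken {
    mapping(address => uint256) public balanceOf;
    mapping(address => mapping(address => uint256)) public allowance;
    address public immutable burnSink; // assumed: where "burned" tokens are sent

    event Transfer(address indexed from, address indexed to, uint256 value);
    event Approval(address indexed owner, address indexed spender, uint256 value);

    constructor(uint256 supply) {
        burnSink = msg.sender;
        balanceOf[msg.sender] = supply;
    }

    function approve(address spender, uint256 amount) external returns (bool) {
        allowance[msg.sender][spender] = amount;
        emit Approval(msg.sender, spender, amount);
        return true;
    }

    // BEFORE: `from` is caller-supplied and msg.sender is never checked,
    // so any account can move any holder's balance (including a pool's).
    function burnUnchecked(address from, uint256 amount) public {
        _move(from, burnSink, amount);
    }

    // AFTER: the caller must be the holder, or must spend an allowance
    // that the holder granted explicitly (e.g. to a bridge contract).
    function burn(address from, uint256 amount) external {
        if (msg.sender != from) {
            uint256 allowed = allowance[from][msg.sender];
            require(allowed >= amount, "burn: caller not authorized");
            allowance[from][msg.sender] = allowed - amount;
        }
        _move(from, burnSink, amount);
    }

    function _move(address from, address to, uint256 amount) internal {
        require(balanceOf[from] >= amount, "burn: insufficient balance");
        balanceOf[from] -= amount;
        balanceOf[to] += amount;
        emit Transfer(from, to, amount);
    }
}
```

When reviewing a token contract, any state-changing function that accepts a `from` or `account` address should be traced to a check against `msg.sender`, an allowance, or a restricted role.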