SafeMoon hacker can help law enforcement using centralized exchanges – Related Systems
Decentralized financial project SafeMoon, which was used in March by BNB (BNB), caused a net loss of 8.9 million dollars, and was accused by the United States Securities and Exchange Commission (SEC) of violations of security regulations and fraud.
The funds linked to the exploit have been moving through central exchanges (CEXs), according to blockchain analytic firm Match Systems, which believes the transactions could be critical to law enforcement agencies.
Sean Thornton from Match Systems told Cointelegraph that CXX is suspected of being used as an intermediary link in the money laundering chain.
“On CEX, funds can be exchanged for other tokens and withdrawn, and accounts on CEX can be registered for drops (dummy persons). Considering that it is almost impossible to trace the movement of money through CEX without being asked by law enforcement agencies, CEX is a preferable alternative to DEX. [decentralized exchange] For a hacker to gain time and confuse paths.
Related Systems performed a post-mortem to analyze the behavior of the exploiters of the SafeMoon smart contract and subsequent financial transactions. The analysis revealed that the hacker exploited a vulnerability related to the “bridge burn” feature in the SafeMoon contract, which allowed anyone to call the “burn” function on SafeMoon (SFM) tokens from any address. These attackers used the vulnerability to transfer other users' tokens to the developer's address.
The transfer by the exploiters led to the transfer of 32 billion SFM tokens from the SafeMoon liquidity pool address to the SafeMoon deployer address. This caused a rapid pump in the value of the tokens. The exploiter used the price pump to exchange some SFM tokens for BNB at an inflated price. As a result, 27,380 BNB was transferred to the hacker's address.
The related system smart contract vulnerability was not present in the previous version and the new update came on March 28, the date of the exploit, leading many to believe that an insider was involved. These speculations got more fuel on November 1 when the SEC filed a lawsuit against the SafeMoon project and its three executives, accusing them of fraud and violating security laws.
Thornton told Cointelegraph that the SEC's charges were unfounded and that they also found evidence of SafeMoon's management involvement in the hack. He added that whether this was done intentionally or due to the negligence of the staff will be determined by the law enforcement agencies.
Related: New Crypto Litigation Tracker Highlights 300 Cases From SafeMoon to Pepe the Frog
The SEC alleges that SafeMoon CEO John Caroni and Chief Technical Officer Thomas Smith embezzled investors' money and siphoned $200 million from the company. Safe Moon executives are facing charges from the US Department of Justice for conspiracy to commit wire fraud, money laundering and securities fraud.
The hacker behind the attack said they first misused the protocol and sought to establish a communication channel to return 80% of the funds. Since then, the funds linked to the exploit have moved several times through CEXs such as Binance, which the analytics firm believes is crucial for law enforcement agencies to track exploit criminals.
Magazine: Huawei NFTs, Toyota's hackathon, North Korea vs. Blockchain: Asia Express