The U.S. Securities and Exchange Commission (SEC) has charged the decentralized finance project SafeMoon with violating security regulations and committing fraud. This move comes in response to an earlier exploit in March that resulted in a net loss of $8.9 million in Binance Coin (BNB).
Blockchain analytics firm Match Systems has been tracking the movement of funds related to the SafeMoon exploit. They believe that these funds have been moving through centralized exchanges (CEXs), potentially indicating an attempt at money laundering. Match Systems suspects that CEXs are being used as intermediaries in money laundering chains, as these platforms allow funds to be exchanged for other tokens, obscuring the trail for hackers.
The exploit itself involved a vulnerability in the SafeMoon smart contract related to the "Bridge Burn" function. This vulnerability allowed anyone to call the "burn" function of the SafeMoon (SFM) token from any address, essentially enabling the transfer of other users' tokens to the developer's address. The attacker exploited this vulnerability, resulting in 32 billion SFM tokens being sent from SafeMoon's liquidity pool address to the hacker's address.
This unauthorized transfer led to a spike in the token's value, which the attackers exploited by exchanging SFM tokens for BNB at inflated prices. As a result, 27,380 BNB was transferred to the hacker's address. Interestingly, the vulnerability appeared in an update on March 28, the same day it was exploited, leading to suspicions that an insider might have been involved.
The SEC's charges against SafeMoon and three of its executives, including the CEO and Chief Technology Officer, have added weight to these suspicions. SafeMoon's leadership is accused of embezzling investor funds and withdrawing $200 million from the project. They also face charges of conspiracy to commit wire fraud, money laundering, and securities fraud from the U.S. Department of Justice. The alleged hackers initially claimed they exploited the protocol by mistake and expressed a willingness to return 80% of the funds, but the movement of these funds through CEXs like Binance could play a crucial role in tracking down those responsible.
