Saturday, 25 May 2024
Trending

Crypto News

SafeMoon hacker’s use of centralized exchanges could help law enforcement: Match System

SafeMoon hacker’s use of centralized exchanges could help law enforcement: Match System


SafeMoon, a decentralized finance project exploited in March, resulting in a net loss of $8.9 million in BNB, has been charged by the United States Securities and Exchange Commission and its key executives for security rules violations and frauds.

The funds associated with the exploit have been on the move via centralized exchanges and Match System, a blockchain analytic firm, believes these transfers via CEX could become critical for law enforcement agencies.

Sean Thornton from Match System told Cointelegraph that they suspect centralized exchanges were used as an intermediate link in the money laundering chain.

“On CEX, funds could be exchanged for other tokens and withdrawn further, and accounts on CEX could be registered for drops (dummy persons). Taking into account the fact that it is almost impossible to trace the movement of funds through CEX without a request from law enforcement agencies, CEX is a more preferable option than DEX for a hacker to gain time and confuse paths,” Thornton explained.

Match System carried out a post-mortem of the SafeMoon smart contract and the subsequent movement of funds to analyze the behavior of the exploiters. The analysis revealed that the hacker exploited a vulnerability in SafeMoon’s contract associated with the “Bridge Burn” feature, allowing anyone to call the “burn” function on SFM tokens at any address. These attackers used the vulnerability to transfer other users’ tokens to the developer’s address.

The transfer made by exploiters resulted in 32 billion SFM tokens being sent from SafeMoon’s LP address to SafeMoon’s deployer address. This led to an instant pump in the value of tokens. The exploiter used the price pump to swap some of the SFM tokens for BNBs at an inflated price. As a result, 27380 BNB were transferred to the hacker’s address.

Match System, in its analysis, found that the smart contract vulnerability was not present in the previous version and only came in with the new update on March 28, the day of the exploit, leading many to believe the involvement of an insider. These speculations gained more fuel by Nov.1 as the SECf iled charges against SafeMoon project and its three executives, accusing them of committing fraud and violating securities laws.

Thornton told Cointelegraph that the SEC accusations are not unfounded and they also found evidence that may indicate the involvement of SafeMoon management in the hacking that occurred. He added that whether this was done…

Click Here to Read the Full Original Article at Cointelegraph.com News…