SafeMoon, a decentralized finance project exploited in March, resulting in a net loss of $8.9 million in BNB, has been charged by the United States Securities and Exchange Commission and its key executives for security rules violations and frauds.
The funds associated with the exploit have been on the move via centralized exchanges and Match System, a blockchain analytic firm, believes these transfers via CEX could become critical for law enforcement agencies.
Sean Thornton from Match System told Cointelegraph that they suspect centralized exchanges were used as an intermediate link in the money laundering chain.
“On CEX, funds could be exchanged for other tokens and withdrawn further, and accounts on CEX could be registered for drops (dummy persons). Taking into account the fact that it is almost impossible to trace the movement of funds through CEX without a request from law enforcement agencies, CEX is a more preferable option than DEX for a hacker to gain time and confuse paths,” Thornton explained.
Match System carried out a post-mortem of the SafeMoon smart contract and the subsequent movement of funds to analyze the behavior of the exploiters. The analysis revealed that the hacker exploited a vulnerability in SafeMoon’s contract associated with the “Bridge Burn” feature, allowing anyone to call the “burn" function on SFM tokens at any address. These attackers used the vulnerability to transfer other users’ tokens to the developer’s address.
The transfer made by exploiters resulted in 32 billion SFM tokens being sent from SafeMoon’s LP address to SafeMoon’s deployer address. This led to an instant pump in the value of tokens. The exploiter used the price pump to swap some of the SFM tokens for BNBs at an inflated price. As a result, 27380 BNB were transferred to the hacker’s address.
Match System, in its analysis, found that the smart contract vulnerability was not present in the previous version and only came in with the new update on March 28, the day of the exploit, leading many to believe the involvement of an insider. These speculations gained more fuel by Nov.1 as the SECf iled charges against SafeMoon project and its three executives, accusing them of committing fraud and violating securities laws.
Thornton told Cointelegraph that the SEC accusations are not unfounded and they also found evidence that may indicate the involvement of SafeMoon management in the hacking that occurred. He added that whether this was done intentionally or was the criminal negligence of the employees will have to be sorted out by law enforcement agencies.
The SEC alleged that the CEO of SafeMoon, John Karony, and the chief technical officer, Thomas Smith, embezzled investor cash and withdrew $200 million in assets from the enterprise. The SafeMoon executives are also facing charges from the Justice Department for conspiring to commit wire fraud, money laundering, and securities fraud.
The hacker behind the attack initially claimed they had mistakingly exploited the protocol and wanted to set up a communication channel to return 80% of the funds. Since then, the funds linked to the exploits have moved on several occasions, many times via centralized exchanges like Binance, which the analytic firm believes will be critical for law enforcement agencies to track down the perpetrators of the exploit.