A hacker who exploited a bug in SafeMoon’s smart contract and drained $8.9 million from its liquidity pool has agreed to return 80% of the stolen funds.
On April 18, a SafeMoon community member going by the Twitter moniker @SafeMoonSpidey posted screenshots of a private note on BSC scan that stated the liquidity platform had agreed with the person responsible for the March 28 attack to return 80% of the stolen funds.
According to the on-chain message, SafeMoon has agreed to let the attacker keep 20% of the stolen crypto, worth about $1.8 million, as a “white hat bounty.”
The company has also agreed not to file charges against the hacker following “careful consideration of the circumstances.”
Per the private note, SafeMooon believes letting the matter go is in the platform’s and community’s best interest.
Burn bug caused multi-million dollar losses
SafeMoon was hacked on March 28 after a recent software upgrade introduced a public burn function that allowed anyone to burn tokens from other addresses.
The attacker reportedly used this vulnerability to remove a large chunk of SafeMoon’s native token, the SFM, from the pool, causing a spike in the token’s price. They then sold the tokens at a high price and withdrew 27,000 BNB, valued at about $8.9 million at the time, from the pool.
Blockchain security firm Peckshield detected the hack and alerted SafeMoon.
In the weeks following the exploit, the company CEO, John Karony, has been active on social media, seeking to allay fears and reassure SafeMoon users.
However, the SafeMoon community had expressed displeasure with the lack of substantive updates on the situation.
A recent post announcing a slew of SafeMoon service updates was roundly criticized for being overly ambitious and serving as a diversion to hide a lack of news about the hack.
Karony was also criticized for his pleas for patience.