Introduction
The SafeMoon project, a decentralized finance platform that suffered a major exploit resulting in an $8.9 million loss, is now facing charges from the United States Securities and Exchange Commission (SEC) for security rule violations and fraud. However, the use of centralized exchanges (CEX) by the hacker could potentially assist law enforcement agencies in their investigation, according to blockchain analytics firm Match System.
The Role of Centralized Exchanges in Money Laundering
Match System believes that centralized exchanges may have been used by the hacker as an intermediate link in the money laundering process. Funds could be exchanged for other tokens and withdrawn, while accounts on CEX could be registered under dummy names, making it difficult to trace the movement of funds without a request from law enforcement agencies. This makes CEX a more attractive option for hackers to buy time and confuse the investigation.
Post-Mortem Analysis of the SafeMoon Exploit
Match System conducted a post-mortem analysis of the SafeMoon smart contract and the subsequent movement of funds to understand the behavior of the exploiters. The analysis revealed that the hacker took advantage of a vulnerability in SafeMoon's contract related to the "Bridge Burn" feature. This allowed them to transfer tokens belonging to other users to the developer's address. In total, 32 billion SFM tokens were sent from SafeMoon's LP address to the hacker's address, resulting in a significant increase in their value. The hacker then swapped some of the SFM tokens for BNB at an inflated price, ultimately transferring 27,380 BNB to their own address.
Possible Insider Involvement
Match System's analysis also indicated that the smart contract vulnerability was introduced in the latest update on March 28, the same day as the exploit. This has led to speculation that an insider may have been involved. These suspicions were further fueled by the recent charges filed by the SEC against the SafeMoon project and its three executives, accusing them of fraud and securities law violations. Match System believes there is evidence that suggests the potential involvement of SafeMoon management in the hacking incident, but this will need to be determined by law enforcement agencies.
SEC Charges and Criminal Allegations
The SEC has alleged that SafeMoon CEO John Karony and Chief Technical Officer Thomas Smith embezzled investor funds and withdrew $200 million in assets from the company. The executives are also facing charges from the Justice Department, including wire fraud, money laundering, and securities fraud.
Tracking Down the Hacker
The hacker initially claimed that the exploit was a mistake and expressed a willingness to return 80% of the funds. However, the funds linked to the exploit have since been moved multiple times, often through centralized exchanges like Binance. Match System believes that these exchanges will play a crucial role in helping law enforcement agencies identify and apprehend the perpetrators of the exploit.
