Safemoon got exploited because they allowed anyone to burn any tokens in their new contract update.
It’s a bit ironic that this explanation came from the former golden boy who the Safemoon community widely lauded, and then he launched his own token and got exploited for $5m. But I guess that gives you experience…
Safemoon was just hacked for $8.9M.
After two minutes looking at the newest Safemoon contract, I was able to identify the extremely obvious exploit.
The attacker took advantage of the public burn() function; this function let any user burn tokens from ANY other address (code attached).
The attacker used this function to remove SFM tokens from the Safemoon-WBNB Liquidity Pool, artificially raising the price of SFM.
The attacker was then able to sell SFM into this LP at a grossly overpriced rate within the same transaction, wiping out the remaining WBNB in the liquidity pool.
This is an extremely elementary exploit that many contracts in the space have been falling victim to.
Please do not let any user burn tokens from any address; it is a bad idea.
So there it is. This is what happens when you trust kids with zero experience who have a penchant for publishing untested code. Which I have previously warned Safemooners about. Three fucking times.
submitted by /u/TNGSystems
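The access-control flaw described in the post, shown beside a hardened form. This is an added example, not part of the original post and not Safemoon's contract: `DemoToken`, `burnUnchecked`, `burn` and `burnFrom` are hypothetical names for a minimal ERC-20-style token constructed for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical minimal token, constructed for illustration only.
contract DemoToken {
    mapping(address => uint256) public balanceOf;
    mapping(address => mapping(address => uint256)) public allowance;
    uint256 public totalSupply;

    event Transfer(address indexed from, address indexed to, uint256 value);
    event Approval(address indexed owner, address indexed spender, uint256 value);

    constructor(uint256 initialSupply) {
        balanceOf[msg.sender] = initialSupply;
        totalSupply = initialSupply;
        emit Transfer(address(0), msg.sender, initialSupply);
    }

    function approve(address spender, uint256 amount) external returns (bool) {
        allowance[msg.sender][spender] = amount;
        emit Approval(msg.sender, spender, amount);
        return true;
    }

    // ANTI-PATTERN: externally callable, takes an arbitrary `from`, and never
    // relates it to msg.sender. Any holder's balance, including a liquidity
    // pool's, can be destroyed by anyone.
    function burnUnchecked(address from, uint256 amount) external {
        _burn(from, amount);
    }

    // Hardened: a caller can only burn its own balance.
    function burn(uint256 amount) external {
        _burn(msg.sender, amount);
    }

    // Hardened: burning someone else's tokens requires their prior approval.
    function burnFrom(address from, uint256 amount) external {
        uint256 allowed = allowance[from][msg.sender];
        require(allowed >= amount, "burn exceeds allowance");
        if (allowed != type(uint256).max) allowance[from][msg.sender] = allowed - amount;
        _burn(from, amount);
    }

    // Internal only: every external entry point must authorize `from` first.
    function _burn(address from, uint256 amount) internal {
        require(balanceOf[from] >= amount, "burn exceeds balance");
        balanceOf[from] -= amount;
        totalSupply -= amount;
        emit Transfer(from, address(0), amount);
    }
}
```

When reviewing a token contract, any `public` or `external` function that reaches the internal burn logic with a caller-supplied address and no `msg.sender` or allowance check is the pattern to flag.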