Gul Hameed 
July 27, 2023 
Safemoon is a decentralized finance (DeFi) project with over 2.5 million holders and more than $50 million locked in liquidity. It features a deflationary utility token, SAFEMOON, and has a fully diluted market capitalization of over $1 billion, according to CoinMarketCap. On March 28, 2023, Safemoon was hacked, and the attacker drained the SFM/BNB pool, resulting in a loss of $8.9M worth of ‘locked LP’. Safemoon suffered an attack in which the SFM/BNB pool was drained, resulting in a loss of $8.9M worth of ‘locked LP’. The attack was carried out by exploiting a vulnerability in the new Safemoon contract that allowed anyone to burn SFM tokens from any address, thus inflating the price of SFM tokens in the pool. The attacker was able to drain the pool of BNB liquidity by selling previously acquired SFM tokens into the artificially inflated pool, resulting in a profit of 28k BNB. The hacker has claimed to return the funds, but there are doubts about their trustworthiness. The vulnerability exploited in the Safemoon hack was introduced in the project's latest upgrade, which took place approximately six hours before the attack. The upgrade included a new implementation of the token contract, which mistakenly left the burn function as publicly callable. The code for the function is as follows: The function transfers the specified amount of SFM tokens from the specified address to the bridgeBurnAddress, effectively burning them. However, the mistake in the implementation made anyone call it and burn tokens from any address. The attacker exploited the burn function, and the majority of the funds were transferred to 0x237D where they remain at the time of writing. The exploit transaction can be traced using the transaction hash: 0x48e52a12…, and the attacker’s address is 0x286e09932b8d096cba3423d12965042736b8f850. Safemoon’s hack serves as a reminder of the risks involved in deploying new features into the mainnet without proper security checks. Projects need to ensure that their smart contracts are secure and audited to prevent such exploits from happening. Security audits can be conducted by third-party audit firms such as Blockapex, which specializes in auditing smart contracts and DeFi protocols. Also read Hack Analysis on DeFi Geek Community Japan.Introduction
Hack Impact
Background
Steps to reproduce
Transaction Analysis
Conclusion
The Euler Finance hack had a devastating impact on the platform and its users, with approximately $197 million worth of assets stolen, including ETH, WBTC, USDC, and DAI. This placed Euler Finance at number 6 on the leaderboard of the largest DeFi hacks. The platform's total value locked (TVL) dropped from $264 million to just $10 million.
Gul Hameed 
March 14, 2023 The BonqDAO security breach that occurred on February 2, 2023, had far-reaching consequences for the platform, its users, and the wider DeFi ecosystem. The attack exploited a vulnerability in the integration of the Tellor Oracle system, which BonqDAO relied on for obtaining token price information.
Gul Hameed
September 22, 2023 Rari capital got hacked for around $79M through a classic re-entrancy attack. Rari is a fork of compound finance which had this bug fixed earlier. It is not the first time Rari has been a victim of a hack.
Abdul Sami J.
May 4, 2022 Kokomo Finance has taken off with approximately $4 million worth of user funds, leaving users unable to withdraw their funds. Wrapped Bitcoin deposits were rugged, with almost $2M of tokens still remaining in the project’s pools on Optimism.
Gul Hameed
August 8, 2023 On February 17, 2023, Platypus Finance was hacked, resulting in a loss of approximately $8.5 million worth of assets. In this hack analysis, we will delve into the details of the attack, the vulnerability that was exploited, and the impact it had on the platform and its users.
Gul Hameed
September 5, 2023 On April 9, 2023, SushiSwap suffered a security breach which led to a loss of over $3.3 million. The attack exploited a flaw in the RouteProcessor2 contract of SushiSwap's router processor. The fallout was felt across several major chains that had previously authorized the RouteProcessor2 contract.
Gul Hameed
July 20, 2023 From an outsider’s perspective, returning millions of dollars worth of funds after successfully pulling off a complicated exploit is, at best, admirable, and at worst, foolish. What could be the motivation behind such a decision?
Abdul Sami J.
September 17, 2021 The Dexible hack affected a total of 17 user accounts, with the majority of losses coming from a single address belonging to BlockTower Capital, a prominent investment firm.
Gul Hameed
August 25, 2023 Beanstalk protocol got hacked for around $74M through exploiting the governance mechanism & stealing all the BEANS & Curve LP tokens stored in the Beanstalk protocol.
Abdul Sami J.
April 27, 2022 
