The $8.9 million exploit of crypto project SafeMoon in March is now under the microscope of US authorities. However, blockchain analysis shows the stolen funds have been trafficked through centralized exchanges. In turn, this could prove critical for those investigating.
SafeMoon and its executives were recently charged by the SEC with fraud and securities violations in the wake of suspicious insider activity related to the exploit.
Sean Thornton of Match System told Cointelegraph that centralized exchanges likely served as intermediaries for laundering the stolen funds.
“On CEX, funds could be exchanged and withdrawn further, and accounts could be registered to fake entities. CEX is preferable to DEX for hackers seeking to confuse the money trail,” Thornton explained.
Hackers utilized SafeMoon’s smart contract vulnerability
Match System’s analysis uncovered the exploit, which utilized a vulnerability in SafeMoon’s smart contract code to drain tokens from the protocol into the founder’s wallet. The hacker then sold the tokens at inflated prices for a quick profit in BNB.
Notably, the vulnerability came in a contract upgrade on the same day as the attack, fueling speculation of insider involvement. The SEC accused SafeMoon’s CEO and CTO of embezzling investor funds.
While decentralized exchanges preserve user privacy, CEXs must collect identifying information. This means they could provide law enforcement with the critical leads needed to track the laundered funds. Hence, authorities can identify the parties responsible.