In recent news, SafeMoon experienced a security breach in its smart contracts that led to the loss of approximately $8.9 million from the memecoin’s liquidity pool. The exploit occurred just three hours after SafeMoon had upgraded its smart contracts, and it involved a hacker who identified and leveraged a bug in the code.

However, in a surprising turn of events, the hacker was quickly front run by another address. The front runner then reached out to SafeMoon’s deployer contract to initiate negotiations, stating that they had accidentally front run an attack against SafeMoon and wanted to return the funds. The front runner now holds approximately $8.66 million in a separate wallet.

Front running describes a situation in which a crypto address identifies a pending lucrative trade or transaction on the blockchain and pays a very high gas fee so that its own copy of the same transaction is executed before the original.

While the front runner seems to want to return the funds to the SafeMoon team, the focus has shifted to how the exploit managed to find its way into the smart contract. According to a spokesperson from PeckShield, the exploit involved a public mint bug that allowed the hacker to call the function to burn the liquidity in the pool and then swap for the remaining WBNB. WBNB is a wrapped version of Binance’s native exchange token BNB, making it easier to interact with native BNB Chain applications.

The exploit enabled the hacker to buy SFM (SafeMoon) initially, exploit the public mint bug to increase the SFM price, and then sell SFM with a profit of over $8.9 million. The spokesperson from PeckShield described the bug as trivial and said it should not have been present in the upgrade at all, indicating that the upgrade may not have been audited.

A Twitter user claimed that they were able to identify the exploit after two minutes of reviewing SafeMoon’s smart contract. Gonçalo Magalhães, a smart contract engineer at Immunefi, stated that the specific bug’s root cause was the lack of proper access control to a function that should be for privileged usage only, which is a common security vulnerability that is usually caught at the auditing phase of a smart contract.
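The access-control gap described above, as an added example that is not SafeMoon's code: a hypothetical token (`ExampleToken`, with the assumed function names `burnUnrestricted`, `burnFrom` and `burn`) showing a privileged burn exposed to any caller beside two guarded forms an audit would expect.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Hypothetical token constructed for illustration; not SafeMoon's contract.
contract ExampleToken {
    address public immutable owner;
    uint256 public totalSupply;
    mapping(address => uint256) public balanceOf;

    event Transfer(address indexed from, address indexed to, uint256 value);

    error NotOwner();
    error InsufficientBalance();

    constructor(uint256 initialSupply) {
        owner = msg.sender;
        totalSupply = initialSupply;
        balanceOf[msg.sender] = initialSupply;
        emit Transfer(address(0), msg.sender, initialSupply);
    }

    modifier onlyOwner() {
        if (msg.sender != owner) revert NotOwner();
        _;
    }

    // FLAWED: public with no caller check, so any address can destroy
    // tokens held by any other address, including a liquidity pool.
    function burnUnrestricted(address from, uint256 amount) public {
        _burn(from, amount);
    }

    // HARDENED: burning from an arbitrary address is owner-only.
    function burnFrom(address from, uint256 amount) external onlyOwner {
        _burn(from, amount);
    }

    // HARDENED: an open burn may only touch the caller's own balance.
    function burn(uint256 amount) external {
        _burn(msg.sender, amount);
    }

    function _burn(address from, uint256 amount) internal {
        if (balanceOf[from] < amount) revert InsufficientBalance();
        unchecked { balanceOf[from] -= amount; }
        totalSupply -= amount;
        emit Transfer(from, address(0), amount);
    }
}
```

In review, every `public` or `external` function that changes balances or supply should either carry a caller check or be limited to `msg.sender`'s own funds.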

Users who had their tokens in the liquidity pool (WBNB-SFM) were at risk of losing their tokens. One Twitter user claimed they lost 4 million SFM, or roughly $800 at press time. The SafeMoon team reportedly hired a chain forensics consultant who located and resolved the issue. SafeMoon’s CEO John Karony assured users that their tokens remain safe and that the company’s flexible technology will enable them to bring the matter to a resolution.