SafeMoon hacker agrees to return 80% of stolen funds, says development team

The attacker who drained $8.9 cardinal of Binance Coin (BNB) from SafeMoon has agreed to instrumentality 80% of the funds, according to an April 18 blockchain connection from the SafeMoon team.

— SafeMoonSpidey.sfm ⎷ (@SafeMoonSpidey) April 18, 2023

SafeMoon is simply a decentralized concern (DeFi) protocol that runs connected BNB Chain. It was hacked connected March 28, resulting successful a nonaccomplishment of 27,000 BNB worthy $8.9 cardinal astatine the time.

On April 18, astatine 1:19 p.m. UTC, the SafeMoon Deployer relationship posted a transaction to the BNB web with the attacker’s code arsenic the recipient. The transaction contained a coded connection successful 8-bit Unicode Transformation Format (UTF-8) that stated the following:

“SafeMoon has reached an statement with the enactment presently holding the funds. Specifically, SafeMoon has agreed to judge 80 percent of the magnitude returned, with the different enactment retaining the equilibrium arsenic a bounty. SafeMoon has further agreed not to record immoderate ineligible actions against them. After cautious information of the circumstances, it is believed this is successful the champion involvement of SafeMoon and the community.”

The coded connection is the latest successful a bid of communications betwixt the SafeMoon squad and the attacker arsenic the parties attempted to settle. On March 29, the attacker claimed they had drained the funds accidentally.

The squad responded connected the aforesaid day, asking the attacker to connection a Telegram grip wherever they could beryllium contacted. The attacker did not supply a Telegram grip but did supply an anonymous Outlook email code instead. The squad past stated, “Email connection sent. 12:33 UTC.”

There was nary further blockchain connection betwixt the 2 sides until the April 18 connection confirming that the statement had been made.

Hacking DeFI protocols and negotiating to support immoderate funds has go communal recently. On April 4, the Euler Finance attacker, who had antecedently drained implicit $196 cardinal from Euler, issued an apology connection and returned astir each of the funds gained from the attack. On April 6, the exploiter who had drained $967,000 of crypto from Sentiment returned astir 90% of it aft the squad agreed to fto them support the remaining amount.

Some Web3 developers person argued that bug bounties should beryllium larger and improvement teams should beryllium more diligent astir paying them, arsenic they allege this could motivate hackers to study bugs alternatively of exploiting them.