The attacker who drained $8.9 million of Binance Coin (BNB) from SafeMoon has agreed to return 80% of the funds, based on an April 18 blockchain message from the SafeMoon workforce.
Breaking Information: #SafeMoon has struck a cope with the “hacker”
80% LP return imminent.
20% bounty for “hacker”
And no expenses pressedNow, again to your repeatedly scheduled program. pic.twitter.com/x94fSb4EoP
— SafeMoonSpidey.sfm ⎷ (@SafeMoonSpidey) April 18, 2023
SafeMoon is a decentralized finance (DeFi) protocol that runs on BNB Chain. It was hacked on March 28, leading to a lack of 27,000 BNB value $8.9 million on the time.
On April 18, at 1:19 p.m. UTC, the SafeMoon Deployer account posted a transaction to the BNB community with the attacker’s handle because the recipient. The transaction contained a coded message in 8-bit Unicode Transformation Format (UTF-8) that said the next:
“SafeMoon has reached an settlement with the celebration at the moment holding the funds. Particularly, SafeMoon has agreed to just accept 80 % of the quantity returned, with the opposite celebration retaining the stability as a bounty. SafeMoon has additional agreed to not file any authorized actions in opposition to them. After cautious consideration of the circumstances, it’s believed that is in the perfect curiosity of SafeMoon and the neighborhood.”
The coded message is the most recent in a collection of communications between the SafeMoon workforce and the attacker because the events tried to settle. On March 29, the attacker claimed that they had drained the funds by chance.
The workforce responded on the identical day, asking the attacker to supply a Telegram deal with the place they might be contacted. The attacker didn’t present a Telegram deal with however did present an nameless Outlook electronic mail handle as an alternative. The workforce then said, “E mail message despatched. 12:33 UTC.”
There was no additional blockchain communication between the 2 sides till the April 18 message confirming that the settlement had been made.
Hacking DeFI protocols and negotiating to maintain some funds has change into frequent lately. On April 4, the Euler Finance attacker, who had beforehand drained over $196 million from Euler, issued an apology message and returned practically the entire funds gained from the assault. On April 6, the exploiter who had drained $967,000 of crypto from Sentiment returned practically 90% of it after the workforce agreed to allow them to hold the remaining quantity.
Some Web3 builders have argued that bug bounties needs to be bigger and growth groups needs to be extra diligent about paying them, as they allege this might encourage hackers to report bugs as an alternative of exploiting them.