Source: US FBI
ALEXANDRIA, Va. – The United States has recovered and cleared title to over $680,000 worth of stolen cryptocurrency using civil asset forfeiture and is in the process of returning those funds to the victim, a cryptocurrency and blockchain company.
According to court documents, on March 28, 2023, an unidentified person sought to exploit a vulnerability in a cryptocurrency product created by SafeMoon, LLC. SafeMoon used a reserve, called a liquidity pool, to allow trading between different types of cryptocurrency by securing a supply of cryptocurrency assets to ensure sufficient liquidity in the market. This allowed SafeMoon to prevent large fluctuations in the price of SafeMoon’s cryptocurrency. The liquidity pool was secured and managed by a digital program called a “smart contract” that automatically executed when specified conditions occurred. The smart contract was mistakenly programmed, however, so that it could be used by anyone to “burn,” or destroy, tokens from the SafeMoon liquidity pool.
The exploiter’s scheme involved manipulating SafeMoon’s cryptocurrency by initiating a transaction that would burn a large number of SafeMoon tokens simultaneously, resulting in an artificial price spike. Then the exploiter could sell tokens back to the liquidity pool at an artificially inflated price at a loss to SafeMoon.
At the same time, however, an automated cryptocurrency trading program called a “bot” was engaged in “front-running,” which exploits normal delays in the processing of transactions by scanning and simulating pending transactions to determine how profitable they are, then executes profitable trades ahead of the original trader. In this case, the front-running bot caused the exploiter’s transaction to fail and directed the profits from its own trade to an account the bot operator controlled. The cryptocurrency stolen from SafeMoon was worth over $8.5 million on the day it was stolen.
Within a few hours of the attack, the front-running bot operator contacted SafeMoon, claiming to have prevented an attack. While purportedly offering to return the stolen cryptocurrency, the bot operator also threatened to withhold the entirety of the cryptocurrency stolen from SafeMoon if SafeMoon did not allow the operator to keep a percentage. SafeMoon relented and let the bot operator keep 20 percent of the stolen cryptocurrency.
On May 15, 2023, the FBI seized $680,467.92 and 480.996 BNB from accounts at OKX, a cryptocurrency exchange platform, representing approximately half of the 20 percent extorted from SafeMoon. SafeMoon has since filed for bankruptcy, but the funds are being returned to the bankruptcy trustee for SafeMoon.
Neither the original exploiter nor the bot operator has been identified to date and they may be located abroad. Without the possibility of a criminal prosecution, the United States used a civil asset forfeiture action against this stolen cryptocurrency to recover these funds for theft victims. The civil asset forfeiture action afforded all potential claimants an opportunity to contest the forfeiture in court and put the government to its burden of proof.
Erik S. Siebert, U.S. Attorney for the Eastern District of Virginia, and Emily Odom, Acting Special Agent in Charge of the FBI Washington Field Office’s Criminal and Cyber Divisions, made the announcement after the settlement order between the United States and the SafeMoon bankruptcy trustee was issued by U.S. District Judge Patricia T. Giles.
The matter was handled by Assistant U.S. Attorney Kevin Hudson. Assistant U.S. Attorney Jonathan S. Keim and Former Eastern District of Virginia prosecutor Jay V. Prabhu supported the case.
A copy of this press release is located on the website of the U.S. Attorney’s Office for the Eastern District of Virginia. Related court documents and information are located on the website of the District Court for the Eastern District of Virginia or on PACER by searching for Case No. 1:24-cv-1065.