The utilization of centralized exchanges by the SafeMoon hacker might offer valuable assistance to law enforcement, according to Match Systems.
In March, SafeMoon experienced an exploitation due to a vulnerability arising from a smart contract update, which enabled hackers to move funds through a burn call.
investograph 
The United States Securities and Exchange Commission (SEC) has charged the decentralized finance project SafeMoon with violations of security rules and fraud. SafeMoon, which was exploited in March, resulting in a net loss of $8.9 million in BNB, has come under regulatory scrutiny.
The funds associated with the exploit have been in motion through centralized exchanges (CEXs), and blockchain analytics firm Match Systems believes that these transfers could be pivotal for law enforcement. According to Sean Thornton from Match Systems, it's suspected that CEXs were used as an intermediary step in the money laundering process:
"On CEXs, funds could be exchanged for other tokens and withdrawn further, and accounts on a CEX could be registered under fake identities. Given that it is nearly impossible to trace fund movements through a CEX without a request from law enforcement agencies, a CEX is a preferable option for a hacker to buy time and obscure their tracks."
Match Systems conducted a post-mortem analysis of the SafeMoon smart contract and the subsequent fund movements to study the behavior of the exploiters. The analysis revealed that the hackers took advantage of a vulnerability in SafeMoon's contract related to the "Bridge Burn" feature, which allowed anyone to trigger the "burn" function on SafeMoon (SFM) tokens at any address. Using this vulnerability, the attackers transferred tokens belonging to other users to the developer's address.
The exploit led to the transfer of 32 billion SFM tokens from SafeMoon's liquidity pool address to SafeMoon's deployer address, causing an immediate increase in the token's value. The exploiters capitalized on the price surge by exchanging some SFM tokens for BNB at an inflated price, resulting in the transfer of 27,380 BNB to the hacker's address.
Match Systems discovered that the smart contract vulnerability was absent in the previous version and only surfaced with the new update on March 28, the day of the exploit, fueling suspicions of insider involvement. On November 1, the SEC filed charges against the SafeMoon project and three of its executives, accusing them of fraud and securities law violations.
Thornton mentioned that the SEC's allegations are not baseless, and there is evidence that suggests the potential involvement of SafeMoon management in the hack. The question of whether this was deliberate or a result of employee negligence will be determined by law enforcement.
The SEC has alleged that the CEO of SafeMoon, John Karony, and the Chief Technical Officer, Thomas Smith, embezzled investor funds and withdrew $200 million in assets from the project. Additionally, the SafeMoon executives are facing charges from the U.S. Justice Department, including conspiracy to commit wire fraud, money laundering, and securities fraud.
The hacker responsible for the attack initially claimed they had mistakenly exploited the protocol and expressed a willingness to set up communication to return 80% of the funds. Subsequently, the funds associated with the exploit have moved through CEXs like Binance multiple times, and Match Systems believes this activity will be crucial for law enforcement agencies to trace the culprits behind the exploit.
