DeFi Protocol xToken Suffers $24.5 Million Exploit
CoinEdition
Published May 16, 2021 06:53AM ET
DeFi Protocol xToken Suffers $24.5 Million Exploit
- DeFi protocol xToken suffered from an exploit.
- The attacker took $24.5 million using flash loans.
- The attack involved using two exploits, targeting tokens in the xToken ecosystem.
Decentralized finance (DeFi) protocol xToken announced it faced a massive exploitation on Wednesday. Notably, the attacker took $24.5 million using flash loans.
xSNXa and xBNTa contracts have been exploited. Minting paused on all contracts as we investigate further.
Liquidity pools have been drained, however most SNX and BNT remain in xToken contracts.
We owe the community an explanation and will be providing another update shortly
— xToken (@xtokenmarket) May 12, 2021
Flash loans are blockchain-based loans through which a quantity of crypto is borrowed and repaid in the same transaction. As in this case, an attacker can use them to access large amounts of capital at a cheap rate because they can immediately pay the crypto.
About the attack, it was carried out using two exploits, both targeting tokens in the xToken ecosystem.
First, the entity liable used a flash loan to lend 61,800 ETH ($270 million). They used it to manage Kyber Network’s oracle — which relates its blockchain to real-world data. This is to mint lots of xSNXa tokens, exchanging for Ether and Synthetix (SNX).
Secondly, they discovered a fault in the xBNTa contract. As a wrapped token, its minting can only take place using BNT tokens. However, xBNTa failed to check this. So, they were able to use a different token to mint these xBNTa tokens, which they could sell.
Using this scheme, the attacker got 2,400 ETH ($10.3 million), 781,000 BNT ($6.2 million), 407,000 SNX ($8 million) and 1.9 billion xBNTa tokens. So far, they have already sold all of the tokens, except for the xBNTa, for a total of 5,600 Ether ($24.5 million).
Not just this, but the attacker paid 5 ETH ($21,900) in fees to carry out the attack. The reason the cost was high was because Ethereum transaction fees are based on how complex the transaction is— and this was a very complex transaction.
This article was first published on coinquora.com
Continue reading on CoinQuora
Get The News You Want
Written By: CoinEdition
Trading in financial instruments and/or cryptocurrencies involves high risks including the risk of losing some, or all, of your investment amount, and may not be suitable for all investors. Prices of cryptocurrencies are extremely volatile and may be affected by external factors such as financial, regulatory or political events. Trading on margin increases the financial risks.
Before deciding to trade in financial instrument or cryptocurrencies you should be fully informed of the risks and costs associated with trading the financial markets, carefully consider your investment objectives, level of experience, and risk appetite, and seek professional advice where needed.
Fusion Media would like to remind you that the data contained in this website is not necessarily real-time nor accurate. The data and prices on the website are not necessarily provided by any market or exchange, but may be provided by market makers, and so prices may not be accurate and may differ from the actual price at any given market, meaning prices are indicative and not appropriate for trading purposes. Fusion Media and any provider of the data contained in this website will not accept liability for any loss or damage as a result of your trading, or your reliance on the information contained within this website.
It is prohibited to use, store, reproduce, display, modify, transmit or distribute the data contained in this website without the explicit prior written permission of Fusion Media and/or the data provider. All intellectual property rights are reserved by the providers and/or the exchange providing the data contained in this website.
Fusion Media may be compensated by the advertisers that appear on the website, based on your interaction with the advertisements or advertisers.