FTX Lost Over 81 ETH And Over 100M XEN Tokens Due To GAS Stealing Vulnerability
Hackers stole gas by exploiting loopholes in the FTX exchange. The recently popular token XEN was minted 17,000 times at zero cost, and the gas theft is still going on.
On October 13, opang & X-explore wrote that crypto exchange FTX lost a total of more than 81 ETH due to a gas theft vulnerability. The hacker's address obtained over 100 million XEN tokens, converted some of the XEN into 61 ETH through DoDo, Uniswap and other decentralized trading platforms, and transferred the ETH to FTX and Binance.
The FTX withdrawal hot wallet address shows many identical, abnormal small-amount transfers. Looking further at the transaction details, in each transaction the attacking contract creates 1 to 3 sub-contracts, and these sub-contracts first perform a Mint or Claim of XEN Token. The sub-contracts then self-destruct. The gas fees for all of these operations are paid by the FTX hot wallet address.
According to the vulnerability analysis, FTX does not impose any restrictions when the recipient address is a contract address. It also sets no cap on the gas limit for transfers of the native ETH token; instead, the fee is determined by gas estimation.
As a result, most of these transactions carry a gas limit of 500,000, 24 times higher than the default value of 21,000. A large number of small transfers go to the same withdrawal address, which is clearly abnormal withdrawal activity.
The gas theft is still in progress. FTX withdrawals are free of fees, so attackers can carry out the theft at zero cost.
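The checks this analysis implies, as an added example that is not FTX's code or part of the original article: cap the gas limit signed for native ETH withdrawals, and flag contract recipients that repeatedly take small withdrawals while consuming far more than 21,000 gas. The 50,000 cap, the 0.01 ETH and three-transfer thresholds, the record fields and the sample records are assumptions constructed for illustration.

```python
from collections import defaultdict

PLAIN_TRANSFER_GAS = 21_000   # default gas for a native ETH transfer (figure from the article)
CONTRACT_GAS_CAP = 50_000     # assumed ceiling for contract recipients, not an FTX value
SMALL_ETH = 0.01              # assumed "small amount" threshold
REPEAT_COUNT = 3              # assumed number of repeats that makes a pattern

def withdrawal_gas_limit(to_is_contract, estimated_gas):
    """Gas limit the hot wallet should sign, or None to hold the withdrawal for review."""
    if not to_is_contract:
        return PLAIN_TRANSFER_GAS      # a plain address never needs more
    if estimated_gas > CONTRACT_GAS_CAP:
        return None                    # recipient code would run real work at the wallet's expense
    return estimated_gas

def flag_gas_drain(withdrawals):
    """Flag contract recipients with repeated small withdrawals and above-default gas use."""
    by_addr = defaultdict(list)
    for w in withdrawals:
        by_addr[w["to"]].append(w)
    flagged = {}
    for addr, txs in by_addr.items():
        heavy = [t for t in txs if t["to_is_contract"] and t["gas_used"] > PLAIN_TRANSFER_GAS]
        small = [t for t in txs if t["eth"] <= SMALL_ETH]
        if heavy and len(small) >= REPEAT_COUNT:
            # gas the hot wallet paid beyond what plain transfers would have cost
            excess = sum(t["gas_used"] - PLAIN_TRANSFER_GAS for t in heavy)
            flagged[addr] = {"small_withdrawals": len(small), "excess_gas": excess}
    return flagged

# Constructed sample records (not real FTX transactions). In practice to_is_contract
# would come from an eth_getCode lookup on the recipient before signing.
SAMPLE = [
    {"to": "0xAAA1", "eth": 0.0035, "gas_used": 480_000, "to_is_contract": True},
    {"to": "0xAAA1", "eth": 0.0035, "gas_used": 495_000, "to_is_contract": True},
    {"to": "0xAAA1", "eth": 0.0035, "gas_used": 470_000, "to_is_contract": True},
    {"to": "0xBBB2", "eth": 1.5, "gas_used": 21_000, "to_is_contract": False},
    {"to": "0xCCC3", "eth": 2.0, "gas_used": 32_000, "to_is_contract": True},
]

if __name__ == "__main__":
    print(flag_gas_drain(SAMPLE))
```

The single 2.0 ETH withdrawal to the contract wallet `0xCCC3` is not flagged, because only the combination of contract recipient, above-default gas and repeated small amounts matches the pattern described in the article.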
Foxy
CoinCu News