The decentralized finance mission xToken has suffered one other exploit over the weekend after hackers found a vulnerability within the sensible co
The decentralized finance mission xToken has suffered one other exploit over the weekend after hackers found a vulnerability within the sensible contracts for its xSNX product.
On Aug. 29, the xToken crew reported that the assault had resulted in roughly $4.5 million value of funds being drained from xToken’s xSNX product — which permits customers to realize publicity to Synthetix-based belongings with out instantly interacting with the protocol’s complicated sensible contracts.
Our xSNX contract was exploited. Our different contracts would not have comparable vulnerabilities.
Each day going ahead from right here will likely be centered on rebuilding belief with our neighborhood.
We’re assessing the state of affairs and can replace with subsequent steps within the coming hours
— xToken (@xtokenmarket) August 29, 2021
The mission revealed a submit mortem just a few hours later, explaining that the malicious actor had taken out a flash mortgage from the dYdX decentralized trade (DEX) for 25,000 ETH (roughly $81 million) to hold out the assault.
They then used the Ether as collateral to borrow 1.5 million Synthetix governance tokens (SNX) utilizing well-liked DeFi cash market protocol Aave, and pooled liquidity token trade, Bancor.
These have been swapped for six.5 million USDC on decentralized trade, Kyber, exerting downward strain on the value of SNX. The attacker then swapped the USDC for Synthetix’s USD token (sUSD), earlier than exploiting a flaw in xToken’s contracts to buy 614,000 SNX at an artificially depressed worth for 811,000 sUSD.
At present costs, the hacker made off with $7 million value of SNX.
In response to the most recent assault, xToken has introduced it can retire the xSNX product, stating:
“The present xSNX implementation is by far our most intricate product, with complicated dependencies and vital floor space for vulnerabilities.”
Associated: How do DeFi protocols get hacked?
xToken permits customers to carry interest-bearing derivatives of crypto belongings like AAVE and SNX that require holders to take part in staking, governance, or different protocol interplay with a view to obtain yield.
The incident is just not the primary time xToken has been exploited this 12 months. In Might, the protocol suffered the same destiny when a malicious actor manipulated the Kyber DEX whereas additionally concurrently making the most of xToken worth calculations. The breach value the protocol round $25 million in SNX tokens on the time.
Transferring ahead, the xToken crew acknowledged it can spend the approaching week working to calculate investor losses and construction a compensation program primarily based on utilizing its native token, XTK.
On the time of writing, XTK had dumped 45% over the previous 24 hours, in keeping with CoinGecko, and is down greater than 90% from its April all-time excessive which preceded the primary exploit.
cointelegraph.com