Attackers Mint XEN Token for Free Through Crypto Exchange FTX’s Hot Wallet
XEN token is a recently launched Ethereum project minted by paying gas fees. According to a blog post by X-explore on October 13, an attacker has been minting the XEN token for free, while the FTX crypto exchange pays the gas fees.
The report revealed that the hacker placed a bug on the chain, causing the FTX’s hot wallet to continuously transfer Ethereum tokens piecemeal to their address. As of now, the FTX exchange has lost a total of more than 81 ETH due to the GAS theft vulnerability. The hacker address has acquired over 100 million XEN Token and exchanged some of the XEN tokens for 61 ETH through decentralized exchanges such as DoDo, Uniswap, and others, depositing them to the FTX as well as Binance exchanges.
The price of the controversial XEN token has dropped by more than 33% since the incident, according to CoinGecko. Unfortunately, the GAS theft attack against FTX is still ongoing.
X-explore analyzed the reasons behind the incident. FTX doesn’t set any restrictions on the recipient address being the contract address, nor a limit on the transfer GAS Limit for ETH Tokens, but rather, the estimateGas method is used to evaluate the processing fee. Withdrawing coins from FTX doesn’t incur fees, lending convenience to the attacker’s strategy.
Beosin, a leading global Web3 blockchain security company, also suggested that FTX set restrictions on the recipient address being the contract address.
SEE ALSO: Crypto Exchange FTX to Delist ANC, Suspend Deposits and Withdrawals of LUNC and USTC
XEN Crypto is commited to creating and channeling economic energy through the XEN token. Its effort is directed at promoting self-custody, trust through consensus, transparency, and decentralization. Reports have also emerged that the XEN token is experiencing a Sybil attack, which is when one system operates multiple fake identities on a P2P network, with each identity performing its own transactions. On October 12, around 80% of participating addresses were Sybil addresses.
In related news, BNB Chain, the native blockchain behind Binance, was exploited last week, with $100 million drained.