FTX Loses Over 100 Million XEN and 81 ETH in a Hack
Massive Gas theft on the crypto exchange platform, FTX Exchange, as hackers mint XEN token 17,000 times at zero cost.
FTX Becomes Target of Crypto Hack
Bahamas-based centralized cryptocurrency exchange, FTX, has announced its loss of over 81 ETH to hackers in the early hours of today, October 13, 2022. The exchange explained that the hacker exploited a loophole on FTX’s platform, enabling them to mint the XEN token 17,000 times at zero cost.
According to a publication, the fraud was effected through a GAS theft vulnerability. The hacker’s address obtained over 100 million XEN Tokens and, through DoDo, Uniswap, and other DEXes, converted some XEN into 61 ETH, which was then transferred to FTX and Binance.
As of press time, the loss incurred by FTX amounted to $103,443, while the hacker made a profit of $77,618 by selling the freely minted XEN tokens.
Numerous Abnormal Small-Amount Transfers in FTX Hot Wallet
During the crypto fraud, the hacker made many small withdrawals from the FTX hot wallet address, all to the same withdrawal address, starting with 0x1d37. The hot wallet repeatedly transferred about 0.0035 ETH to the attack contract. This is evidently an abnormal pattern of withdrawals.
Upon further consideration of the transaction details, it was discovered that each transaction to the attack contract created 1 to 3 sub-contracts. These sub-contracts first performed a Mint or Claim of XEN Token. Eventually, these contracts self-destructed, and the Gas fees were paid by the FTX hot wallet address.
Fraud Enabled by FTX’s Vulnerability
Expert analysis of FTX’s wallet attack has revealed that the exchange platform’s mode of operation gave room for the hack. This is because although FTX withdrawals are free of fees, there is no restriction on the Gas Limit of withdrawal transactions. This affords attackers great convenience to steal at no cost.
FTX places no restriction on the recipient address being a contract address. There is also no restriction on the GAS Limit for transfers of ETH, the native token. Instead, the estimateGas method is used to evaluate the handling fee. This method results in most of the GAS LIMIT values being 500,000, which is 24 times higher than the default value of 21,000.
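The two weaknesses described above (repeated small withdrawals to one contract, and a signed gas limit taken from an estimate) can be checked for on the hot-wallet side. The following is an added example, not code from FTX or from the cited analysis; the addresses, gas figures, thresholds and function names are constructed assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass

PLAIN_TRANSFER_GAS = 21_000  # default gas for a plain ETH transfer (figure from the article)
GWEI = 10**9

@dataclass(frozen=True)
class Withdrawal:
    to: str              # recipient address (constructed placeholders below)
    value_wei: int       # amount withdrawn
    gas_used: int        # gas consumed according to the transaction receipt
    gas_price_wei: int   # price the hot wallet paid per unit of gas

def clamp_gas_limit(estimated: int, cap: int = PLAIN_TRANSFER_GAS) -> int:
    """Hardened policy (assumption): never sign above a fixed cap,
    whatever the gas estimate for the recipient says."""
    return min(estimated, cap)

def find_gas_drain(withdrawals, gas_multiple=5, min_repeats=3):
    """Return {recipient: (count, excess_fee_wei)} for recipients that repeatedly
    receive withdrawals burning far more gas than a plain transfer."""
    hits = defaultdict(lambda: [0, 0])
    for w in withdrawals:
        if w.gas_used > PLAIN_TRANSFER_GAS * gas_multiple:
            hits[w.to][0] += 1
            # Fee the hot wallet paid beyond what a plain transfer would cost.
            hits[w.to][1] += (w.gas_used - PLAIN_TRANSFER_GAS) * w.gas_price_wei
    return {to: (n, fee) for to, (n, fee) in hits.items() if n >= min_repeats}

# Constructed sample: three 0.0035 ETH withdrawals to one contract that each
# burn close to the 500,000 limit, one ordinary user, one one-off contract wallet.
ATTACK = "0xATTACK_CONTRACT_PLACEHOLDER"
SAMPLE = (
    [Withdrawal(ATTACK, 3_500_000 * GWEI, 480_000, 20 * GWEI) for _ in range(3)]
    + [Withdrawal("0xORDINARY_USER_PLACEHOLDER", 10**18, 21_000, 20 * GWEI),
       Withdrawal("0xWALLET_CONTRACT_PLACEHOLDER", 10**18, 140_000, 20 * GWEI)]
)

if __name__ == "__main__":
    for to, (n, fee) in find_gas_drain(SAMPLE).items():
        print(f"{to}: {n} withdrawals, {fee / 10**18:.5f} ETH excess gas paid by hot wallet")
    print("gas limit to sign:", clamp_gas_limit(500_000))
```

A cap of 21,000 leaves no gas for recipient contract code to execute, so a withdrawal to such a contract fails instead of running at the exchange's expense.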
The GAS Theft is Still in Progress
Unfortunately, the attack on FTX is still taking place, and the exchange platform has not yet taken action to halt it.
A recent tweet by WuBlockchain affirms:
“Someone is stealing GAS by exploiting FTX’s loopholes. XEN TOKEN has been minted 17,000 times at 0 cost, and the GAS theft is still in progress.”
The recently launched XEN token is creating waves in the Ethereum market, as many of the tokens got minted over the past few days. This is primarily due to the ability to mint XEN by simply paying the gas fee. Unfortunately, crypto exchange FTX has lost more than 81 ETH due to a gas theft vulnerability.
Recent analysis shows that the XEN Crypto has been down 39% in the last 24 hours due to the FTX hack. Nonetheless, XEN crypto remains the top Ethereum gas guzzler. According to Etherscan data, the project accounted for roughly 15% of the gas fees paid in the last 24 hours.