You are here
Home > All Crypto > Beleaguered DeFi undertaking xToken suffers second main exploit since Could

Beleaguered DeFi undertaking xToken suffers second main exploit since Could

The decentralized finance undertaking xToken has suffered one other exploit over the weekend after hackers found a vulnerability within the sensible contracts for its xSNX product.

On Aug. 29, the xToken crew reported that the assault had resulted in roughly $4.5 million price of funds being drained from xToken’s xSNX product — which permits customers to realize publicity to Synthetix-based property with out immediately interacting with the protocol’s advanced sensible contracts.

The undertaking printed a put up mortem just a few hours later, explaining that the malicious actor had taken out a flash mortgage from the dYdX decentralized trade (DEX) for 25,000 ETH (roughly $81 million) to hold out the assault.

They then used the Ether as collateral to borrow 1.5 million Synthetix governance tokens (SNX) utilizing fashionable DeFi cash market protocol Aave, and pooled liquidity token trade, Bancor.

These had been swapped for six.5 million USDC on decentralized trade, Kyber, exerting downward stress on the value of SNX. The attacker then swapped the USDC for Synthetix’s USD token (sUSD), earlier than exploiting a flaw in xToken’s contracts to buy 614,000 SNX at an artificially depressed worth for 811,000 sUSD.

At present costs, the hacker made off with $7 million price of SNX.

In response to the most recent assault, xToken has introduced it should retire the xSNX product, stating:

“The present xSNX implementation is by far our most intricate product, with advanced dependencies and important floor space for vulnerabilities.”

Associated: How do DeFi protocols get hacked?

xToken permits customers to carry interest-bearing derivatives of crypto property like AAVE and SNX that require holders to take part in staking, governance, or different protocol interplay with a purpose to obtain yield.

The incident is just not the primary time xToken has been exploited this 12 months. In Could, the protocol suffered an identical destiny when a malicious actor manipulated the Kyber DEX whereas additionally concurrently benefiting from xToken worth calculations. The breach price the protocol round $25 million in SNX tokens on the time.

Transferring ahead, the xToken crew said it should spend the approaching week working to calculate investor losses and construction a compensation program based mostly on utilizing its native token, XTK.

On the time of writing, XTK had dumped 45% over the previous 24 hours, based on CoinGecko, and is down greater than 90% from its April all-time excessive which preceded the primary exploit.