QUICK TAKE:

  • FTX lost more than 81 ETH due to the gas theft vulnerability

  • The hacker’s address obtained 100 million XEN tokens and exchanged some of the XEN tokens for 61 ETH

  • The FTX hot wallet shows numerous abnormal small-amount transfers, and the gas fees for all of these transactions are paid by the FTX hot wallet address

The recently launched XEN token is creating waves in the Ethereum market, as a large number of the tokens got minted over the past few days. This is primarily due to the ability to mint XEN by simply paying the gas fee. Now, crypto exchange FTX has lost more than 81 ETH due to a gas theft vulnerability.

Further, the hacker’s address obtained over 100 million XEN tokens. Notably, the hacker exchanged some of the XEN tokens for 61 ETH via DoDo, Uniswap, and other decentralized exchanges. The hacker then moved the funds into the FTX and Binance exchanges, as per an analysis by ‘X-explore.eth’. The loss incurred by FTX was worth $103,443 at press time, while the hacker made a profit of $77,618 by selling the freely minted XEN tokens.

Gas fees are paid by the FTX hot wallet address

Furthermore, the FTX withdrawal hot wallet address shows numerous abnormal small-amount transfers. It continuously transferred about 0.0035 ETH to the attack contract, as per the report. Notably, the transaction details show that each transaction to the attack contract creates 1 to 3 sub-contracts. These sub-contracts first perform a XEN token Mint or Claim and eventually self-destruct. The gas fees for all of these transactions are paid by the FTX hot wallet address.

Transaction | Source: ‘X-explore.eth’

The vulnerability analysis reveals that FTX places no restriction on the recipient address being a contract address. Further, the gas limit for native ETH transfers is also unrestricted.

Instead, the processing fee is calculated using the gas estimation method. Most gas limits produced by this method are 500,000, which is 24 times greater than the default value of 21,000. “There are a large number of small transfers with the same withdrawal addresses as the FTX withdrawal hot wallet address. An event that is obviously a withdrawal exception,” the analysis concluded.

FTX’s Loopholes | Source: Twitter
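
The two weaknesses described above (contract recipients accepted, gas limit taken from estimation rather than the 21,000 default) map to a pre-send cap and a detection rule for the repeated-transfer pattern in the report. The following Python is an added example, not code from FTX or X-explore.eth; the record fields, the `min_repeats` threshold, the addresses and the sample data are assumptions constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass

PLAIN_TRANSFER_GAS = 21_000   # default gas for a native ETH transfer (from the article)
GWEI = 10**9

@dataclass(frozen=True)
class Withdrawal:
    recipient: str
    value_wei: int
    gas_limit: int        # limit the exchange signed, e.g. from gas estimation
    gas_used: int         # gas actually consumed on-chain
    gas_price_wei: int
    to_contract: bool     # assumed resolved beforehand, e.g. with eth_getCode

def capped_gas_limit(estimated_gas: int) -> int:
    """Pre-send control: never sign a native transfer above the plain-transfer cost."""
    return min(estimated_gas, PLAIN_TRANSFER_GAS)

def suspicious_recipients(withdrawals, min_repeats=3):
    """Return {recipient: excess fee in wei} for contract addresses that repeatedly
    make the hot wallet pay for execution on top of a plain transfer."""
    hits = defaultdict(list)
    for w in withdrawals:
        excess_gas = w.gas_used - PLAIN_TRANSFER_GAS
        if w.to_contract and excess_gas > 0:
            hits[w.recipient].append(excess_gas * w.gas_price_wei)
    return {addr: sum(fees) for addr, fees in hits.items() if len(fees) >= min_repeats}

# Constructed sample data, not taken from the chain.
SAMPLE = (
    # four 0.0035 ETH withdrawals to one contract, each burning far more than 21,000 gas
    [Withdrawal("0xATTACK", 3_500_000 * GWEI, 500_000, 480_000, 20 * GWEI, True)] * 4
    # ordinary withdrawal to a plain address
    + [Withdrawal("0xUSER", 10**18, 21_000, 21_000, 20 * GWEI, False)]
    # single withdrawal to a contract wallet with a small receive hook
    + [Withdrawal("0xSAFE", 10**18, 500_000, 27_000, 20 * GWEI, True)]
)

if __name__ == "__main__":
    for addr, fee in suspicious_recipients(SAMPLE).items():
        print(addr, fee / 10**18, "ETH of excess gas paid by the hot wallet")
```

With the cap applied, a withdrawal to a contract whose receive logic needs more than the plain-transfer gas fails instead of running at the hot wallet's expense.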

XEN Overwhelms Ethereum

Notably, as per on-chain data, it appears that a mysterious project called XEN Crypto is largely responsible for the rising transaction fees and resulting deflationary pressure on ETH. It is believed that the XEN token was launched by the “Fair Crypto Foundation”. As per the project’s website, it was founded by Jack Levin, an early engineer at Google.

Moreover, users can get the token for free by paying the gas fee and then stake it to earn a 20% APY. As per the XEN project, 582K wallets have minted the token, but only 1K wallets have staked it. Further, users have spent a total of 4.1K ETH to interact with the XEN token contract. Notably, the contract accounted for more than 48% of the gas used on Ethereum at one point since its launch.

Source: Delphi Digital

It is worth noting that the rush to mint XEN tokens has consequently increased on-chain activity, making ETH deflationary. Further, many people have pointed to the XEN-driven deflation as proof that a sustained increase in on-chain activity during the next bull market can lead to massive ETH deflation.