Malicious activities within the crypto space seem to be rising to significant levels. Of late, the number of hacks has led to millions of dollars worth of security breaches within each crypto platform.
This latest development is no different. As per the recent development, the decentralized finance project xToken was the latest victim of a security breach. It lost roughly $4.5 million worth of funds. As mentioned in the official blog,
“On 29 August at 04:43 UTC, a vulnerability in our xSNX contract was exploited. We estimate the loss to holders at $4.5 million. We are incredibly disappointed in ourselves and deeply sorry to our community.”
The said product (xSNX) allows users to gain exposure to Synthetix-based assets without directly interacting with the protocol’s complex smart contracts.
Here’s what happened (post-analysis)
Consider this report on the analysis of the said mishap.
The alleged hacker took advantage of a vulnerability in the project’s xSNX smart contract. “…the attacker was able to call the ‘callFunction,” as pointed in the report.
Needless to say, post the attack, the firm halted all the transactions involving the said token. The report noted,
“At this time, we believe it best to sunset our xSNX product offering. The current xSNX implementation is by far our most complicated product, with complex dependencies and significant surface area for vulnerabilities.”
Moreover, the team decided accelerate its contract upgrade, early this week, and stated that it “will allow us to swap all of the assets in the contract into ETH to allow for maximum value at redemption.”
Moving forward, the xToken team stated it will spend the coming week working to calculate investor losses and structure a compensation program based on using its native token, XTK. However, the token suffered a massive setback over the past week. Although, it did depict recovery at press time as it surged by around 18% in 24 hours.
That said, this wasn’t the first time that xToken had suffered a hack.
xSNXa and xBNTa contracts have been exploited. Minting paused on all contracts as we investigate further.
Liquidity pools have been drained, however most SNX and BNT remain in xToken contracts.
We owe the community an explanation and will be providing another update shortly
— xToken (@xtokenmarket) May 12, 2021
Cream Finance was attacked by a flash loan and lost approximately US$18 million. https://t.co/Do6xvbQ7r5
— Wu Blockchain (@WuBlockchain) August 30, 2021