A vulnerability assessment indicated that FTX has no limitation on GAS transfer.
The XEN token, a newly launched Ethereum project mintable by producing gas fees, is the most delinquent instrument hackers use to manufacture money out of thin air.
As stated in a Chinese report, an attacker mints the XEN token for free. Meanwhile, the FTX crypto exchange pays for the gas costs. The report demonstrated that the hacker set a bug on a chain for the FTX’s hot wallet to continually transfer Ethereum (ETH) tokens piecemeal to their address.
So far, the FTX exchange has failed over 81 ETH due to the GAS theft vulnerability. The hacker’s wallet has received more than 100 million XEN Tokens. They have exchanged some XEN tokens for 61 ETH through DoDo, Uniswap, and decentralized exchanges. Notably, the GAS stealing raid against FTX is still in advancement, as stated on the monitoring platform.
No restrictions
Also, the vulnerability estimation by the platform alleged that FTX has no limitation on the transfer GAS limit of ETH’s native token. It stated that FTX used the “estimateGas” method to assess the handling fee. This resulted in most of the GAS limit standing at 500,000. It is 24 times higher than the default value of 21,000.
Further, it noted that the frequent number of small transfers with the same address from the FTX hot wallet was an apparent abnormal event that its system should have flagged.
In connected news, the Binance Chain bridge was used last week, with over half a billion dollars lost in the event.
The post-FTX Loses 100 Million XEN Tokens to GAS Theft Vulnerability occurred first on Coin Edition.
