The XEN token, a recently launched Ethereum project mintable by paying gas fees, is the latest tool hackers use to manufacture money out of thin air.
According to a Chinese report, the attacker mints the XEN token for free while the FTX cryptocurrency exchange covers the gas costs. The report says the hacker planted a bug on-chain so that FTX’s hot wallet would continuously transfer Ethereum (ETH) tokens piecemeal to their address.
Due to the GAS theft vulnerability, the FTX exchange has already lost over 81 ETH. The hacker sent over 100 million XEN tokens to his/her wallet.
They then used DoDo, Uniswap, and other decentralized exchanges to trade some of the XEN tokens for 61 ETH. Notably, the monitoring platform indicates that the GAS stealing attack against FTX is still ongoing.
Additionally, the platform’s vulnerability assessment claimed that FTX places no limit on the GAS limit of native ETH transfers.
According to the statement, FTX calculated the handling fee using the “estimateGas” method, so most of its transfers carried a GAS limit of 500,000, which is 24 times greater than the default value of 21,000.
It also stated that the frequent occurrence of small transfers to the same address from the FTX hot wallet was a clear indication of an abnormal event, which its system should have detected.
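The two controls the assessment points to, a cap on the GAS limit of native ETH transfers and an alert on repeated small transfers to one address, sketched in Python as an added example (not code from FTX or the monitoring platform). The record layout, thresholds, function names and sample transfers are assumptions constructed for illustration.

```python
from collections import defaultdict

PLAIN_TRANSFER_GAS = 21_000   # gas for a plain ETH transfer (the default cited above)
SMALL_VALUE_ETH = 0.01        # assumed threshold for a "small" withdrawal
MAX_SMALL_PER_WINDOW = 3      # assumed: more than this per window is abnormal
WINDOW_SECONDS = 3600         # assumed sliding window

# Constructed sample records: (timestamp, recipient, value_eth, gas_limit, gas_used)
SAMPLE_TRANSFERS = [
    (1000, "0xaaa", 1.5, 21_000, 21_000),        # ordinary withdrawal
    (1100, "0xbbb", 0.003, 500_000, 480_000),    # recipient burns the sender's gas
    (1400, "0xbbb", 0.003, 500_000, 480_000),
    (1700, "0xbbb", 0.003, 500_000, 480_000),
    (2000, "0xbbb", 0.003, 500_000, 480_000),
    (2300, "0xbbb", 0.003, 500_000, 480_000),
    (5000, "0xccc", 0.005, 21_000, 21_000),      # single small withdrawal, normal
]

def native_transfer_gas_limit(estimated_gas):
    """Policy check before signing: never fund more than a plain transfer."""
    if estimated_gas > PLAIN_TRANSFER_GAS:
        raise ValueError("recipient needs extra gas; hold withdrawal for review")
    return PLAIN_TRANSFER_GAS

def audit_transfers(transfers):
    """Return (gas_alerts, frequency_alerts) for outgoing native ETH transfers."""
    gas_alerts = []                 # (timestamp, recipient, gas used beyond 21,000)
    recent = defaultdict(list)      # recipient -> timestamps of recent small transfers
    frequency_alerts = set()
    for ts, to, value, gas_limit, gas_used in sorted(transfers):
        # Check 1: a native transfer signed with more than the plain-transfer gas.
        if gas_limit > PLAIN_TRANSFER_GAS:
            gas_alerts.append((ts, to, max(0, gas_used - PLAIN_TRANSFER_GAS)))
        # Check 2: many small transfers to the same address inside the window.
        if value <= SMALL_VALUE_ETH:
            recent[to] = [t for t in recent[to] if ts - t < WINDOW_SECONDS] + [ts]
            if len(recent[to]) > MAX_SMALL_PER_WINDOW:
                frequency_alerts.add(to)
    return gas_alerts, sorted(frequency_alerts)

if __name__ == "__main__":
    gas, freq = audit_transfers(SAMPLE_TRANSFERS)
    print("excess gas paid:", sum(excess for _, _, excess in gas))
    print("addresses with abnormal small-transfer frequency:", freq)
```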
Last week, the Binance Chain bridge was exploited for half a billion dollars.