· xToken suffers a $4.5 million attack
· This is the second attack since May
· xToken to retire the xSNX product
In this latest exploit on the beleaguered DeFi project, hackers have managed to compromise $4.5 million targeting smart contracts on the DeFi protocol. The funds were drained from xToken’s xSNX that gives users access to Synthetix-based assets.
According to xToken, the hacker first took out a flash loan worth roughly $81 million (25,000 ETH) from dYdX DEX to be able to finalize their attack. The stolen ETH was used as collateral to borrow 1.5 million SNX through the popular Aave DeFi protocol and Bancor, a pooled liquidity token exchange.
The hacker swapped the SNXs for 6.5 million USDC on Kyber, a decentralized exchange, which negatively impacted the SNX price. The USDC was then swapped for sUSD (Synthetix’s USD token) before exploiting a vulnerability in xToken’s contracts to buy 614,000 SNX worth 811,000 sUSD at the reduced price.
In lite of this attack, xToken has announced its plans to retire the xSNX, stating that the product comes with complex dependencies with significant potential for vulnerabilities.Kibet Elikana