- The address of a hacker received more than 100 million XEN Tokens.
- The entire gas expense for these transactions is covered by the FTX hot wallet address.
- The gold withdrawal was an event that seemed strange.
A hacker’s address gained more than 100 million XEN Tokens. It used DoDo, Uniswap, and Decentralized Trading Platforms to convert some XEN into 61 ETH and transfer to FTX and Binance, according to an article published on October 13 by Opang & X-explore.
The FTX withdrawal hot wallet address has a lot of strange small-amount transfers. Analyzing the transaction information further reveals that each transaction attacking the contract spawns 1 to 3 sub-contracts.
This would initially carry out Mint or Claim of XEN Token operations. These contracts will eventually self-destruct. The FTX hot wallet address covers all of the gas costs for these transactions.
The vulnerability research reveals that FTX places no limitations on the receiver address, which serves as the contract address. The ETH Native Token’s Transfer GAS Limit is also unrestricted, but the processing charge is calculated using the Gas estimation method.
Most GAS LIMITS produced by this method are 500,000, which is 24 times greater than the normal amount of 21,000. The same gold withdrawal address has been used for numerous tiny transfers. The gold withdrawal was an event that seemed strange.
The theft of GAS is still ongoing. Withdrawals from FTX are fee-free, which offers attackers enormous ease at no cost to steal.
Sam Bankman-Fried, co-founder and CEO of FTX Derivatives Exchange, has underlined in his characteristically forthright manner that his company will welcome any laws put forth by legislators to direct developments in the bitcoin ecosystem.
