VERDICT: UNRATED
Verdict pending. Auto-ingested incidents are reviewed before a public verdict is rendered.
Root cause
Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.
Forensic narrative
According to the X-explore blog, the hacker address starting with 0x1d37 is stealing gas by exploiting the FTX vulnerability, minting XEN tokens 17,000 times at zero cost. The attack is possible because FTX does not cap the gas limit of the withdrawal transaction while the withdrawal fee is free. Instead, the estimateGas method is used to evaluate the handling fee. This causes the gas limit to be 500,000 in most cases, which exceeds the default value of 21,000 by 24 times. Attack method (per SlowMist): Contract Vulnerability. Reported loss: 81 ETH.
Sourced from
slowmist
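The narrative above comes down to an operator paying for whatever gas a withdrawal recipient consumes. The following sketch is an added example, not code from FTX, SlowMist or X-explore: it caps the gas limit on fee-free withdrawals and flags recipients whose withdrawals repeatedly burn far more than a plain transfer. The record layout, sample values, function names and thresholds are all assumptions made for illustration.

```python
from collections import defaultdict

BASE_TRANSFER_GAS = 21_000  # gas of a plain ETH transfer (the page's "default value")
GWEI = 10**9                # wei per gwei

# Constructed withdrawal records: (recipient, gas_limit, gas_used, gas_price_gwei).
SAMPLE_WITHDRAWALS = [
    ("0xaaa1", 21_000, 21_000, 20),
    ("0xc0de", 500_000, 480_000, 20),
    ("0xc0de", 500_000, 495_000, 25),
    ("0xc0de", 500_000, 490_000, 20),
    ("0xbbb2", 21_000, 21_000, 30),
]

def capped_gas_limit(estimated_gas, cap=BASE_TRANSFER_GAS):
    """Gas limit to sign a fee-free withdrawal with.

    Returns the cap when the estimate fits under it, or None when the
    recipient wants more gas than the operator will subsidise. A None result
    means: hold for review or charge the user, never sign the raw estimate.
    """
    return cap if estimated_gas <= cap else None

def subsidised_gas(withdrawals):
    """Per recipient: wei the operator paid for gas above a plain transfer."""
    extra = defaultdict(int)
    for recipient, _limit, used, price_gwei in withdrawals:
        extra[recipient] += max(0, used - BASE_TRANSFER_GAS) * price_gwei * GWEI
    return dict(extra)

def flag_recipients(withdrawals, min_count=3, ratio=5):
    """Recipients with at least min_count withdrawals using >= ratio x base gas."""
    hits = defaultdict(int)
    for recipient, _limit, used, _price in withdrawals:
        if used >= ratio * BASE_TRANSFER_GAS:
            hits[recipient] += 1
    return sorted(r for r, n in hits.items() if n >= min_count)

if __name__ == "__main__":
    print(capped_gas_limit(500_000))            # estimate above the cap
    print(subsidised_gas(SAMPLE_WITHDRAWALS))   # operator-paid excess in wei
    print(flag_recipients(SAMPLE_WITHDRAWALS))  # repeat heavy consumers
```

A hard cap at 21,000 also rejects legitimate contract recipients such as multisig wallets, which is why the over-cap case is returned as a review signal rather than silently truncated.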
Technical record
- chain: —
- protocol: FTX
- bug_class: logic
- date_occurred: 2022-10-13
- loss_usd: —
- source_id: sm:ftx::2022-10-13