VERDICT —UNRATED
Verdict pending. Auto-ingested incidents are reviewed before a public verdict is rendered.
Root cause
Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.
Forensic narrative
The DeFi pledge and liquidity strategy platform xToken was attacked, and the xBNTaBancor pool and the xSNXaBalancer pool were immediately exhausted, causing nearly $25 million in losses. The SlowMist security team analyzed that the two modules that were hacked this time were the xBNTa contract and the xSNXa contract in xToken. The two contracts were subjected to a "counterfeit currency" attack and an oracle manipulation attack. Attack method (per SlowMist): Oracle Attack. Reported loss: $ 25,000,000.
Sourced from
slowmist
Technical record
- chain
- —
- protocol
- xToken
- bug_class
- oracle
- date_occurred
- 2021-05-13
- loss_usd
- $25,000,000
- source_id
- sm:xtoken::2021-05-13
Related — same bug class· oracle