As we all know, there is a hot token called XEN. The participants just pay the gas fee that can return with the token XEN. So is there a way to get someone else to pay the gas fee for us instead? The answer is YES , recently we found a hacker who was using FTX to pay for him.
On October 10, attacker 0x1d371CF00038421d6e57CFc31EEff7A09d4B8760 deployed the attack contract on the chain (e.g., 0xCba9b1Fd69626932c704DAc4CB58c29244A47FD3)
The FTX exchange outgoing hot wallet address (0xC098B2a3Aa256D2140208C3de6543aAEf5cd3A94) makes successive small ETH transfers of around 0.0035 ETH to the attack contract, as shown below.
Looking further into the transaction details, each transaction attack contract creates 1 to 3 subcontracts. The attack first performed Mint or Claimed of XEN Token, and these contracts will self-destruct eventually. All the gas fees related to the transactions are paid by FTX hot wallet addresses.
As of now, the FTX exchange has lost a total of 81+ ETH due to the GAS theft vulnerability, and the hacker address has acquired over 100 million XEN Token and exchanged some of the XEN tokens for 61 ETH through decentralized exchanges such as DoDo, Uniswap, etc. and deposited them to the FTX as well as Binance exchanges.
We have monitored the on-chain attack and currently only perceive that the FTX exchange is facing such an attack. However, the GAS theft attack against FTX is still ongoing. The following are the addresses of the contracts deployed by the attackers.
0xcba9b1fd69626932c704dac4cb58c29244a47fd3
0x6a6474d79536c347d6df1e5f1ce9be12613a13c6
0x51125a7d015eddc3dbef138a39ba091863d1f155
0x6438162e69037c452e8af5d6ae70db1515324a3d
0xb69d4de5991fa3ded39c27ed88934a106f0af19e
0x8b2550add3c5067ca7c03b84e1e37b14b35aa1e5
0x2e1891de1e334407fafaab09ac545bb9e4099833
0xebe5cccc75b4ec5d6d8c7a3a8cee0d8c0e821584
0xcf0da9cea8403ff1e3ed6db93f3badc885c24522
0x524db09476bb87b581e1c95fbf37383661d1829a
0x1afd71464dd7485f8b3cea7c658c6a1e2b3e77a4
0xfc3ee819f873050f7f3bbce8b34ba9df4c44b5d0
0xb6bdf9eb331d0109dd3ba1018f119c59341fbb40
0x8e2b77c3c8d6e908aea789864e36a07bea1aaf58
0x46666a93b1f83b4c475b870dc67dc0dbd8a16607
0x15e5bf7f142ffa6f5eb7e1a30725603c97c2d0d6
0x6845eebc315109a770dcc7a43ed347405a82e94b
FTX Wallet Security: There is neither any restriction on the recipient address being the contract address, nor a limit on the transfer GAS Limit for ETH Tokens, but rather the estimateGas method is used to evaluate the processing fee, which results in a GAS LIMIT of mostly 500,000, exceeding the default value of 21,000 by a factor of 24.
FTX withdrawal security: there are a large number of small transfers from FTX withdrawal hot wallet address to the withdrawal of funds from the same withdrawal address. This is an obvious withdrawal anomaly.
For more info, please subscribe:
Mirror: https://mirror.xyz/x-explore.eth
Twitter: https://twitter.com/x_explore_eth