Another $25 Million Gone, This Time xToken Was Exploited
“Minting on all contracts has been paused as we investigate reports,” tweeted xToken protocol on Wednesday before announcing that they have been exploited, nearly $25 million stolen.
The Peckshield audited decentralized passive investing protocol had its liquidity pools drained.
Following this incident, the total volume locked (TVL) in the protocol has fallen to about $60.6 million, from the high of $100.96 million on May 7.
The blue-chip project was exploited with the total value lost on the Bancor and Balancer liquidity pools at about ~$25m across several assets and directly on the xSNXa contract was 416 ETH, shared the team in its initial report.
The funds stolen included 2.4k ETH, 781k BNT, 407k SNX, and 1.9B xBNTa. All tokens except xBNTa have already been sold to ~5.6k ETH through 1inch.
The attacker used a flashloan from DyDx and a Private Transaction using Flashbots MEV to facilitate the attack.
The team is keeping the minting on all contracts disabled until confirmed that such exploits aren’t possible on other funds. A security feature has also been introduced to an upcoming product to prevent this attack.
A detailed plan for holders to recover their tokens will be shared in the coming days.