In May, xToken protocol was manipulated, which resulted in losses of $25 million worth of SNX tokens. Recently, the protocol was hit by hackers again, and this time, the protocol lost $4.5 million. The protocol’s smart contracts had a vulnerability that was discovered by hackers, following which the hackers proceeded to attack the protocol.
Word of the attack spread like wildfire after xToken tweeted about it. The tweet also mentioned that the other contracts of the protocol don’t have similar vulnerabilities. The tweet added that in the coming days, the people behind the scenes would be completely focused on trust-rebuilding with the greater community. The tweet was concluded with a statement that said that the situation was being assessed and the next steps to be taken would be decided in a few hours.
The hackers had taken an $81 million flash loan (25,000 ETH) from the DEX for carrying out the attack. The next step was using the loan amount as collateral for borrowing Synthetix governance tokens (SNX) worth $1.5 million. The borrowing would be performed through Bancor, a pooled liquidity token exchange, and Aave, a Defi money market protocol.
After borrowing the tokens, the hackers swapped them for $6.5 million on Kyber, a decentralized exchange. This resulted in the exertion of downward pressure on SNX price. Next, the USDC was swapped by the hacker for Synthetix’s USD token (sUSD). After this, the hackers managed to find a flaw in the contracts of xToken. Using this loophole, the hackers purchased 614,000 SNS at 811,000 sUSD, an artificially depressed price.