The growth of decentralized finance, or DeFi, has set the stage for a fully decentralized financial ecosystem. But, given the innovative nature of the space, DeFi continues to be a work in progress and is hence prone to a number of vulnerabilities.
In a recent development, decentralized finance project xToken suffered yet another exploit after attackers identified a vulnerability in the smart contracts for its xSNX product. In its latest post-mortem report, the xToken team disclosed the vulnerability in its xSNX contract, which the hackers exploited, leading to a loss of $4.5 million.
xToken decided to withdraw the xSNX product offering and noted that the current xSNX implementation is by far their “most complicated product,” and added that it has “complex dependencies” and “significant surface area for vulnerabilities.”
The DeFi X-ploiter Returns
This isn’t the first time that xToken has suffered an exploit of this magnitude. As a matter of fact, nearly three months ago the DeFi platform was drained of $24 million in the same token, through the identical attack technique. Some in the crypto industry questioned whether effective security controls had been put in place. Along the same lines, analyst Rekt Capital noted:
“X-token rekt again, and it seems flash loans are still in fashion. ~$4.5 million stolen from their xSNX contract. Three months ago this team lost $24 million – in the same token, to the same attack technique. At the time, we wrote; XToken is a quality protocol. Now we’re not so sure.”
The analyst also acknowledged that withdrawing the offering was wise, but questioned the DeFi project’s public admission that xSNX was too complicated, made as the team disclosed the vulnerabilities in the product’s implementation.
“The decision to withdraw their xSNX offering may be wise, however, by publicly admitting that it was too complicated for them, aren’t they just worsening the damage to their reputation?”
Previously, crypto intelligence firm CipherTrace had disclosed that DeFi hacks totaled $361 million by July 2021, which accounted for three-quarters of the total hack volume of the entire cryptocurrency space for this year. Despite technological advancements, many industry experts believe that DeFi-related crime and security breaches will continue to advance in decentralized finance moving forward.
Several notable individuals in the industry have previously pointed to the lack of KYC as a driver behind the increase in hacks, since it unintentionally ends up providing bad actors access to financial services for illicit activity.