FTX lost over $100,000 in gas theft
Today, October 13, the Wu Blockchain team drew attention to an anomalous activity in the FTX hot wallet. A hacker took advantage of a vulnerability in the withdrawal mechanism, "siphoning off" over $100k in gas fees.
The Wu Blockchain team announced the vulnerability on its Twitter page. The reason for what happened is that FTX, while not charging a withdrawal fee, does not impose a gas limit on transactions.
The hacker created several contracts with 1-3 subcontracts. Each of them executed a mine or claim in XEN. Each of these transactions resulted in a gas fee debit from the FTX hot wallet.
As a result, the exchange lost 81 ETH. At the same time, the hacker transferred 100 million XEN to his account, some of which he withdrew back to FTX and Binance. Thus, he earned 61 ETH (over $70,000).
There were quite a few small transactions like that "siphoning off" fees from the exchange. Over time, these contracts simply self-destruct.
Wu Blockchain claims that the exploit has not yet been closed. Therefore, it is too early to judge the exact losses of the exchange.