An FTX user managed to exploit the exchange’s gas fee mechanism, stealing 81 ETH worth of gas, according to a report from X-explore.


According to analysis from X-explore on Thursday, an attacker minted XEN a total of 17,000 times at zero cost thanks to a loophole in FTX. For context, XEN is a newly created token – dubbed a Ponzi by some in the crypto space – that is free to mint if gas fees are paid. Massive interest in minting the token is believed to have caused Ethereum to turn deflationary shortly after its launch on Oct. 8.

On Oct. 10, the exploiter in question reportedly deployed an attack contract that tricked FTX’s hot wallet into paying for XEN minting transactions. X-explore’s analysis of the attacker’s wallet address on Etherscan shows that the hacker acquired 100 million XEN tokens, with FTX losing a total of 81 ETH due to what the analysts call a “gas theft vulnerability.”

“We have monitored the on-chain attack and currently only perceive that the FTX exchange is facing such an attack. However, the GAS theft attack against FTX is still ongoing,” wrote the analysts in the report.

X-explore’s findings were later backed by an independent analysis from blockchain security firm BlockSec, as per a report from The Block. BlockSec found that FTX had paid more than $120,000 worth of ETH for the user’s XEN minting spree.
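One way a defender could monitor a hot wallet for this kind of gas drain, as an added example that is not taken from the cited reports or from FTX. It assumes the wallet's payouts are plain ETH transfers (empty calldata), which cost 21,000 gas at the protocol level, and totals the gas burned above that per recipient; the addresses, field names and transactions are constructed.

```python
from collections import defaultdict

INTRINSIC_TRANSFER_GAS = 21_000  # protocol cost of a plain ETH transfer, empty calldata

# Constructed sample data: addresses and receipts are illustrative only.
HOT_WALLET = "0x" + "aa" * 20
PLAIN_USER = "0x" + "bb" * 20
SUSPECT = "0x" + "cc" * 20
TOKEN = "0x" + "dd" * 20
GWEI = 10**9
SAMPLE_TXS = [
    {"from": HOT_WALLET, "to": PLAIN_USER, "input": "0x", "gas_used": 21_000, "gas_price_wei": 30 * GWEI},
    {"from": HOT_WALLET, "to": SUSPECT, "input": "0x", "gas_used": 521_000, "gas_price_wei": 30 * GWEI},
    {"from": HOT_WALLET, "to": SUSPECT, "input": "0x", "gas_used": 621_000, "gas_price_wei": 30 * GWEI},
    {"from": PLAIN_USER, "to": SUSPECT, "input": "0x", "gas_used": 400_000, "gas_price_wei": 30 * GWEI},
    {"from": HOT_WALLET, "to": TOKEN, "input": "0xa9059cbb", "gas_used": 52_000, "gas_price_wei": 30 * GWEI},
]

def excess_gas_by_recipient(txs, hot_wallet, tolerance=2_000):
    """Sum gas used above the intrinsic transfer cost, per recipient, for
    plain transfers sent (and therefore paid for) by hot_wallet."""
    report = defaultdict(lambda: {"count": 0, "excess_gas": 0, "excess_wei": 0})
    for tx in txs:
        if tx["from"].lower() != hot_wallet.lower():
            continue  # someone else paid the gas
        if tx["input"] not in ("", "0x"):
            continue  # deliberate contract call by the wallet, out of scope here
        excess = tx["gas_used"] - INTRINSIC_TRANSFER_GAS
        if excess <= tolerance:
            continue  # ordinary transfer
        row = report[tx["to"].lower()]
        row["count"] += 1
        row["excess_gas"] += excess
        row["excess_wei"] += excess * tx["gas_price_wei"]  # integer wei, no float rounding
    return dict(report)

def recipients_over_budget(report, max_excess_wei):
    """Recipients whose cumulative excess gas cost exceeds the budget, worst first."""
    over = [(addr, row["excess_wei"]) for addr, row in report.items()
            if row["excess_wei"] > max_excess_wei]
    return [addr for addr, _ in sorted(over, key=lambda item: -item[1])]

if __name__ == "__main__":
    rep = excess_gas_by_recipient(SAMPLE_TXS, HOT_WALLET)
    for addr in recipients_over_budget(rep, max_excess_wei=10**16):
        print(addr, rep[addr])
```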

Another report from X-explore claims that the XEN project is now facing large Sybil attacks – a scenario where a single node is able to operate multiple identities on a blockchain network to gain influence. At the time of writing, analysts believed that 80% of 335,000 potential Sybil attack addresses were participants.