Another day, another hack. For a while it was relatively calm, in the sense that the DeFi space managed to go more than two days between hacks. On the 12th of May, xToken was hacked for around $24M. Yup. Counting only the hacks that happened in May, roughly $85M has been stolen. And we're not even halfway through May, let alone the year!
How did it happen?
Flash loans, the mother of all hacks of the past year. But this wasn't a "classic" flash loan attack.
For those who don't know what I'm talking about: a flash loan, as the name suggests, is a way to borrow a large amount of money from a protocol like Aave or dYdX for a fee. The caveat is that it must be repaid within the same transaction (and therefore the same block). If it isn't, the whole transaction reverts.
Flash loans can be used in a number of ways, but most people use them for arbitrage. The second most popular, and most notorious, use is to break other protocols or manipulate the price an oracle reports, and that is precisely what happened to xToken.
Of course, it's a bit more complicated than that, but I'll let Frank Researcher explain how it happened, step by step.
But why wasn't this a classic flash loan attack? Because the attacker sent the transactions privately through Flashbots, so the attack could be carried out without getting 🥪'ed (sandwiched) by MEV bots on the AMM trades.
Don't worry, I'm breaking all this terminology down.
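To make the oracle-manipulation part concrete, here is an added Python illustration (not from the original post, and not xToken's, Aave's or any real protocol's code): a toy constant-product pool with constructed reserves, where a flash-borrowed amount pushes the spot price tens of times higher inside a single transaction, while a time-weighted average built from previous blocks does not move at all. The 0.3% fee, the pool sizes and the TWAP as a plain mean of one observation per past block are simplifying assumptions.

```python
# Added example: a toy constant-product AMM and two ways of reading its price,
# to show why a spot price read mid-transaction is not a safe oracle.
# Constructed for illustration; not xToken's, Aave's or any real protocol's code.

def twap(observations):
    """Time-weighted average of one price observation per past block (simplified)."""
    return sum(observations) / len(observations)

class ConstantProductPool:
    """x * y = k pool with a 0.3% fee on the input amount (constructed parameters)."""
    def __init__(self, reserve_x, reserve_y, fee=0.003):
        self.reserve_x, self.reserve_y, self.fee = reserve_x, reserve_y, fee

    def spot_price(self):
        # Price of one X in units of Y, read directly from the current reserves.
        return self.reserve_y / self.reserve_x

    def swap_y_for_x(self, amount_y):
        k = self.reserve_x * self.reserve_y
        out_x = self.reserve_x - k / (self.reserve_y + amount_y * (1 - self.fee))
        self.reserve_x -= out_x
        self.reserve_y += amount_y
        return out_x

    def swap_x_for_y(self, amount_x):
        k = self.reserve_x * self.reserve_y
        out_y = self.reserve_y - k / (self.reserve_x + amount_x * (1 - self.fee))
        self.reserve_x += amount_x
        self.reserve_y -= out_y
        return out_y

def flash_loan_oracle_check(pool, past_block_prices, loan_y):
    """Simulate one atomic transaction: borrow Y, distort the pool, read both
    oracles, unwind, and report whether the loan could even be repaid."""
    spot_before = pool.spot_price()
    bought_x = pool.swap_y_for_x(loan_y)        # dump the borrowed Y into the pool
    spot_during = pool.spot_price()             # what a naive spot oracle reports now
    twap_during = twap(past_block_prices)       # TWAP only sees pre-transaction blocks
    recovered_y = pool.swap_x_for_y(bought_x)   # unwind before the transaction ends
    return {
        "spot_before": spot_before,
        "spot_during": spot_during,
        "twap_during": twap_during,
        "spot_after": pool.spot_price(),
        "loan_repayable": recovered_y >= loan_y,  # False: the round trip alone loses fees
    }

if __name__ == "__main__":
    pool = ConstantProductPool(reserve_x=1_000, reserve_y=1_000_000)
    history = [pool.spot_price()] * 10          # constructed: ten calm blocks at ~1000
    print(flash_loan_oracle_check(pool, history, loan_y=5_000_000))
```

Any contract that values collateral from `spot_price()` mid-transaction is fooled, while the per-block average can only be moved by holding the distorted price across blocks with real capital at risk. The round trip by itself cannot repay the loan, which is why this pattern only pays off against a protocol that trusts the spot reading.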
- Flashbots is a research and development organization formed to mitigate the negative externalities and existential risks posed by MEV. They provide a way to bundle transactions together and send them as atomic operations.
- Miner extractable value (MEV) is a measure devised to study consensus security by modeling the profit a miner (or validator, sequencer, etc.) can make through their ability to arbitrarily include, exclude, or re-order transactions in the blocks they produce. For example, an attacker can see a profitable transaction and try to front-run it by paying a higher gas price, thus making a profit, or perform a sandwich attack on AMM trades.
- Sandwich attack: upon observing a trade of asset X for asset Y, an attacker front-runs the victim trade by also buying asset Y, lets the victim execute the trade, and then back-runs (executes after) the victim by trading back the amount gained in the first trade.
So yeah, even attackers need to be aware of the Dark Forest and all the lurking predators.
As rekt stated in its overview of the attack:
We’re not used to seeing our blue-chip babies involved in such violence.
Perhaps that label gives a false sense of security; even the most time-tested protocols are still incredibly new when you look long term.
I've written about this in my two previous posts: no audit will make your product 100% secure, and audits are no silver bullet. Blockchain security is an ever-changing landscape, and new threats keep emerging.
Some protocols withstand the test of time without getting hacked; others, unfortunately, cannot say the same. We never know what lies ahead in terms of security. That's why we should always strive to learn more, analyze new attack vectors and keep updating the security of our products. Security is not something you apply once. It's an ongoing process.