xToken's xSNX and xBNT pools were exploited via flash loan and reentrancy attack, draining approximately $25M.
The attacker exploited two separate vulnerabilities in xToken's xSNX and xBNT pools. For xSNX, a flash loan was used to manipulate the SNX price oracle during minting. For xBNT, a reentrancy vulnerability allowed the attacker to mint tokens before the balance was updated. Both exploits were executed in coordinated transactions.
Stolen ETH proceeds moved through Tornado Cash in batches. xToken published a detailed post-mortem and paused all contracts. The protocol was later exploited again in August 2021 for an additional $4.5M. The founding team launched xToken Terminal as a replacement product. No funds recovered.
0x64b9a7cd25c97cac6cd5c7a7a0e55e318d6ab9fae5dca4d57b3e16fb7a6e4f5