xToken Market: Flash loan + SNX/BNT price manipulation → xSNX/xBNT share price inflation → drain
xToken lost $24M when an attacker used a $267M Flashbots private flash loan to crash SNX's price and mint $24M of xSNXa and xBNTa nearly for free, exploiting the gap between manipulated spot prices and the protocol's internal share valuations.
Summary
xToken Market, an Index / Passive Yield protocol (wrapped SNX and BNT positions), was exploited on 2021-05-12, resulting in a loss of approximately $24M.
Linked factors
- RD-F-007 — related : Bug bounty absent — baseline integrity gap [via dashboard_risk_factors/Bug bounty: Unknown]
- RD-F-008 — illustrative : Bug survived review (RD-F-008 = ignored disclosure; closest semantic match for audit-missed-bug) [via dashboard_risk_factors/Vulnerability in audited or unaudited code: Audited — bug survived PeckShield review]
- RD-F-053 — causal : ★ Spot DEX pool oracle without TWAP — root cause [via realtime_signals/Oracle anomaly: Y — xSNXa/xBNTa price divergence from manipulated underlying spot prices; Uniswap V2 SNX price cratered during attack]
- RD-F-090 — illustrative : Mixer withdrawal → protocol interaction [via realtime_signals/Pre-exploit on-chain signals: Flashbots MEV private transaction (front-ran by attacker's own bundle — not visible in public mempool); large SNX sell pressure on Uniswap V...]
- RD-F-099 — illustrative : Oracle price deviation > X% from secondary source — RT signal would have fired [via realtime_signals/Oracle anomaly: Y — xSNXa/xBNTa price divergence from manipulated underlying spot prices; Uniswap V2 SNX price cratered during attack]
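The check named in RD-F-053 and RD-F-099, as an added example (not code from xToken or from this incident record): a constant-product pool is pushed down by one large sale, and a mint guard compares the spot price with a time-weighted average. The reserves, the 5% band and all function names are assumptions chosen for illustration.

```python
from dataclasses import dataclass

@dataclass
class Pool:
    """Constant-product pool with a Uniswap V2 style price accumulator (fees ignored)."""
    token: float            # reserve of the priced asset
    quote: float            # reserve of the quote asset
    cum_price: float = 0.0  # running sum of price * seconds
    last_ts: int = 0

    def spot(self) -> float:
        return self.quote / self.token

    def sync(self, now: int) -> None:
        # Credit the price that held since the last update, then move the clock.
        self.cum_price += self.spot() * (now - self.last_ts)
        self.last_ts = now

    def sell_token(self, amount: float, now: int) -> float:
        self.sync(now)
        k = self.token * self.quote
        self.token += amount
        received = self.quote - k / self.token
        self.quote -= received
        return received

def twap(pool: Pool, start_cum: float, start_ts: int, now: int) -> float:
    pool.sync(now)
    return (pool.cum_price - start_cum) / (now - start_ts)

def deviation(spot: float, reference: float) -> float:
    return abs(spot - reference) / reference

def mint_allowed(pool: Pool, reference: float, max_dev: float = 0.05) -> bool:
    # Refuse to value shares while spot sits outside the band around the reference.
    return deviation(pool.spot(), reference) <= max_dev

def simulate() -> dict:
    pool = Pool(token=1_000_000.0, quote=10_000.0)   # constructed reserves
    ref = twap(pool, 0.0, 0, 1800)                   # 30 quiet minutes
    ok_before = mint_allowed(pool, ref)
    pool.sell_token(1_000_000.0, 1800)               # one large sale, same block
    ref_after = twap(pool, 0.0, 0, 1800)             # the sale has zero time weight
    return {"twap": ref_after, "spot": pool.spot(),
            "deviation": deviation(pool.spot(), ref_after),
            "ok_before": ok_before, "ok_after": mint_allowed(pool, ref_after)}

if __name__ == "__main__":
    print(simulate())
```

A sale that moves spot within a single block carries no time weight in the accumulator, so the averaged reference stays where it was and the deviation check trips.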