The Beosin security team analyzed the gas theft attack on FTX. Taking one of the attack transactions as an example (0x8eb73bd5c08318a4cfd233940c3a58744830cda999e59ecbc56f094618a931d69), the attacker first deployed the attack contract (0xCba9b1Fd696F6932C254DAc2) on chain. The FTX hot wallet address then transferred a small amount of funds to the attack contract address, and the attack contract (0xCba9...7FD3) was used to create sub-contracts in batches. A large number of contracts are created over the course of the attack, and each sub-contract self-destructs once it has executed.

Next, the fallback() function of each sub-contract sends a minting request to the XEN contract. In the XEN contract, the claimRank() function takes a time limit (minimum 1 day) for minting; the only cost of minting is the gas for the call, with no other payment required. The claimMintReward() function is the withdrawal function: it only checks whether the time limit has been reached (the hacker set it to the minimum of 1 day), after which the reward can be withdrawn unconditionally. Because the transaction initiator in this call sequence is the FTX hot wallet address, the gas for the entire call chain is paid by the FTX hot wallet, while the XEN minting address is the attacker's address.

The first three steps are repeated many times; in each repetition, tokens whose time limit has expired are withdrawn and new minting requests are initiated at the same time. As of the time of publication, Beosin Trace tracking showed that the FTX exchange had lost 81 ETH, and the hacker swapped the XEN tokens for ETH through DODO and Uniswap.
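As an added defender-side illustration (not code from Beosin or from the original post), the following Python triage heuristic flags outgoing hot-wallet transactions that fit the pattern described above: a transfer to a contract address that burns far more gas than a plain withdrawal and spawns internal contract creations or self-destructs. All addresses, hashes and gas figures below are constructed placeholders; in a real pipeline the fields would be filled from eth_getTransactionReceipt, eth_getCode and a transaction trace.

```python
from dataclasses import dataclass

# Gas consumed by a plain ETH transfer to an externally owned account.
SIMPLE_TRANSFER_GAS = 21_000


@dataclass
class HotWalletTx:
    tx_hash: str
    sender: str
    to: str
    value_wei: int
    gas_used: int
    gas_price_wei: int
    to_is_contract: bool        # would come from eth_getCode(to) != "0x"
    contract_creations: int     # internal CREATE count from the trace
    selfdestructs: int          # internal SELFDESTRUCT count from the trace


def gas_cost_wei(tx: HotWalletTx) -> int:
    """ETH (in wei) the sender paid for gas on this transaction."""
    return tx.gas_used * tx.gas_price_wei


def is_gas_theft_candidate(tx: HotWalletTx, hot_wallet: str,
                           gas_ratio: float = 10.0) -> bool:
    """Flag a hot-wallet withdrawal that looks like sponsored minting.

    The drain described in the article has two signatures visible from the
    exchange's side: the destination is a contract, and a single outgoing
    transfer burns far more gas than a normal withdrawal while spawning
    sub-contracts that self-destruct. A normal ERC-20 transfer (~50k gas,
    no CREATE/SELFDESTRUCT) does not trip this check.
    """
    if tx.sender.lower() != hot_wallet.lower() or not tx.to_is_contract:
        return False
    heavy = tx.gas_used >= gas_ratio * SIMPLE_TRANSFER_GAS
    spawns = tx.contract_creations > 0 or tx.selfdestructs > 0
    return heavy and spawns


def triage(txs: list[HotWalletTx], hot_wallet: str) -> tuple[list[str], int]:
    """Return flagged tx hashes and the total gas (wei) burned by them."""
    flagged = [t for t in txs if is_gas_theft_candidate(t, hot_wallet)]
    return [t.tx_hash for t in flagged], sum(gas_cost_wei(t) for t in flagged)


# Constructed sample data (placeholder addresses, not real on-chain values).
HOT_WALLET = "0x00000000000000000000000000000000000000aa"
GWEI = 10**9
SAMPLE_TXS = [
    HotWalletTx("0xtx1", HOT_WALLET, "0x00000000000000000000000000000000000000b1",
                10**18, 21_000, 20 * GWEI, False, 0, 0),          # plain withdrawal
    HotWalletTx("0xtx2", HOT_WALLET, "0x00000000000000000000000000000000000000c2",
                0, 52_000, 20 * GWEI, True, 0, 0),                # ERC-20 transfer
    HotWalletTx("0xtx3", HOT_WALLET, "0x00000000000000000000000000000000000000d3",
                10**15, 3_000_000, 20 * GWEI, True, 100, 100),    # sponsored mint
]
```

Running `triage(SAMPLE_TXS, HOT_WALLET)` flags only the third transaction and reports 0.06 ETH of gas spent on it, the figure a treasury team would reconcile against the tiny value actually withdrawn.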