1. Event overview
The Chengdu Lianan security team immediately began analysing the xWin Finance hacking incident and launched an emergency response. Our analysis found the xWin Finance incident to be representative and typical, so we are disclosing the attack process as a warning to other projects. The attacker used a flash loan to obtain the initial funds, repeated the attack steps, and ultimately took the profit, successfully "fleecing" the protocol's reward scheme.
2. Event analysis
First, the attacker exploited the mechanism whereby referrers receive rewards: using flash-loan funds, the attacker added and removed liquidity many times, collecting huge rewards for profit.
The following figure shows one cycle of the attack process:
1. The attacker first calls Subscribe with the large amount of BNB borrowed via the flash loan, obtaining LP tokens plus extra XWIN (XWIN rewards are issued to the referrer);
2. The attacker removes the liquidity and redeems the excess XWIN in return;
4. Finally, the attacker withdraws the accumulated XWIN rewards, converts all of it into BNB, and leaves.
3. Event review
By now it is not hard to see that the attack method in the xWin Finance incident is not complicated; it is more a case of fleecing than of hacking. The attacker exploited xWin Finance's reward mechanism, repeatedly adding and withdrawing liquidity to collect referral rewards. Under normal circumstances, because the amount a single user adds is not large, the reward earned may be small, perhaps not even enough to cover the transaction fee; but with a huge amount of capital behind it, the reward becomes extremely high.
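To make the design flaw behind the Subscribe/remove-liquidity loop and the "small funds lose, huge funds win" point concrete, the following toy model is an added example written for this write-up; it is not xWin Finance's contract code, and every parameter (the 1% referral rate, the 0.1% flash-loan fee, the fixed cost, the one-block vesting period) is a hypothetical value chosen for illustration. It contrasts a vault that credits the referrer the moment liquidity is added with one that vests the reward only after the position has been held for a minimum number of blocks, so that same-block churn earns nothing while a genuine referral is still paid.

```python
"""Toy model of a referral-reward vault (constructed example, hypothetical parameters).

Weak design:  the referrer is credited the moment liquidity is added, so one
              address can subscribe/redeem the same capital many times in a
              single block and compound the reward.
Hardened:     the referral reward vests only if the position stays open for at
              least `min_hold_blocks`, so same-block churn earns nothing while
              a genuine referral is still paid.
"""
from dataclasses import dataclass, field


@dataclass
class Position:
    owner: str
    referrer: str
    amount: float
    opened_at: int  # block number at which liquidity was added


@dataclass
class ReferralVault:
    referral_rate: float         # fraction of each deposit credited to the referrer (hypothetical)
    min_hold_blocks: int = 0     # 0 reproduces the weak design: reward paid immediately
    block: int = 0
    rewards: dict = field(default_factory=dict)
    positions: dict = field(default_factory=dict)
    next_id: int = 0

    def advance(self, blocks: int) -> None:
        self.block += blocks

    def subscribe(self, owner: str, referrer: str, amount: float) -> int:
        """Add liquidity; returns a position id (LP minted 1:1 in this toy)."""
        pid = self.next_id
        self.next_id += 1
        self.positions[pid] = Position(owner, referrer, amount, self.block)
        if self.min_hold_blocks == 0:
            # weak design: the referrer is paid before the deposit has done anything
            self._credit(referrer, amount * self.referral_rate)
        return pid

    def redeem(self, pid: int) -> float:
        """Remove liquidity; returns the capital handed back."""
        pos = self.positions.pop(pid)
        held = self.block - pos.opened_at
        if self.min_hold_blocks > 0 and held >= self.min_hold_blocks:
            # hardened design: reward vests only after a real holding period
            self._credit(pos.referrer, pos.amount * self.referral_rate)
        return pos.amount

    def _credit(self, referrer: str, amount: float) -> None:
        self.rewards[referrer] = self.rewards.get(referrer, 0.0) + amount


def churn_reward(vault: ReferralVault, principal: float, cycles: int) -> float:
    """Reward collected by adding and removing the same capital `cycles`
    times without the block advancing (what a flash loan makes affordable)."""
    capital = principal
    for _ in range(cycles):
        pid = vault.subscribe("churner", "churner_ref", capital)
        capital = vault.redeem(pid)
    return vault.rewards.get("churner_ref", 0.0)


def churn_profit(principal: float, cycles: int, flash_fee_rate: float,
                 fixed_cost: float, **vault_kwargs) -> float:
    """Net result of one flash-loan-funded churn: reward minus the loan fee
    minus a fixed cost such as gas (all hypothetical numbers)."""
    vault = ReferralVault(**vault_kwargs)
    reward = churn_reward(vault, principal, cycles)
    return reward - principal * flash_fee_rate - fixed_cost


def honest_referral_reward(vault: ReferralVault, amount: float, hold_blocks: int) -> float:
    """A normal user deposits, holds for `hold_blocks`, then redeems."""
    pid = vault.subscribe("user", "friend", amount)
    vault.advance(hold_blocks)
    vault.redeem(pid)
    return vault.rewards.get("friend", 0.0)


if __name__ == "__main__":
    weak = dict(referral_rate=0.01)                    # 1% per subscribe, credited immediately
    hard = dict(referral_rate=0.01, min_hold_blocks=1)  # same rate, vests after one block
    for principal in (10.0, 1_000_000.0):
        print(f"principal {principal:>12,.0f}"
              f"  weak: {churn_profit(principal, 10, 0.001, 5.0, **weak):>10.2f}"
              f"  hardened: {churn_profit(principal, 10, 0.001, 5.0, **hard):>10.2f}")
    print("honest referral still paid under hardened design:",
          honest_referral_reward(ReferralVault(**hard), 100.0, 1))
```

Running the script shows the review's point numerically: with a principal of 10 the churn loses money to the fixed cost, with a principal of one million it nets tens of thousands under the weak design, and under the vesting design every same-block churn ends at a loss equal to the loan fee plus the fixed cost, while the honest one-block referral is still rewarded. Vesting is only one possible mitigation; capping referral rewards per address or paying them out of fees the deposit actually generated would also break the loop.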