The decentralized finance project xToken has suffered another exploit over the weekend after hackers discovered a vulnerability in the smart contracts for its xSNX product.

On Aug. 29, the xToken team reported that the attack had resulted in roughly $4.5 one thousand thousand worth of funds beingness drained from xToken's xSNX product — which allows users to proceeds exposure to Synthetix-based assets without directly interacting with the protocol's complex smart contracts.

The project published a postal service mortem a few hours later, explaining that the malicious thespian had taken out a wink loan from the dYdX decentralized exchange (DEX) for 25,000 ETH (roughly $81 one thousand thousand) to carry out the attack.

They then used the Ether every bit collateral to infringe 1.5 million Synthetix governance tokens (SNX) using pop DeFi money market protocol Aave, and pooled liquidity token exchange, Bancor.

These were swapped for 6.5 one thousand thousand USDC on decentralized exchange, Kyber, exerting downwardly pressure on the price of SNX. The attacker then swapped the USDC for Synthetix'southward USD token (sUSD), before exploiting a flaw in xToken'due south contracts to purchase 614,000 SNX at an artificially depressed price for 811,000 sUSD.

At electric current prices, the hacker fabricated off with $7 million worth of SNX.

In response to the latest assault, xToken has announced it will retire the xSNX product, stating:

"The electric current xSNX implementation is by far our most complicated product, with circuitous dependencies and significant surface surface area for vulnerabilities."

Related: How do DeFi protocols get hacked?

xToken allows users to hold involvement-begetting derivatives of crypto assets like AAVE and SNX that crave holders to participate in staking, governance, or other protocol interaction in order to receive yield.

The incident is not the kickoff time xToken has been exploited this year. In May, the protocol suffered a similar fate when a malicious actor manipulated the Kyber DEX while also simultaneously taking reward of xToken cost calculations. The alienation cost the protocol effectually $25 one thousand thousand in SNX tokens at the time.

Moving forward, the xToken team stated it will spend the coming week working to calculate investor losses and construction a compensation program based on using its native token, XTK.

At the fourth dimension of writing, XTK had dumped 45% over the by 24 hours, according to CoinGecko, and is downwards more than than xc% from its April best high which preceded the commencement exploit.