Hacked Lending Protocol XCarnival Receives $1.9M Worth of Stolen ETH Back

Please fol­low and like us:
Pin Share

In a quick-paced devel­op­ment, XCar­ni­val, describ­ing itself as a Meta­verse Asset Bank, lost over 3,087 ETH to a hack­er and nego­ti­at­ed the return of half of the funds less than 24 hours after the incident. 

Exploit­ing a flaw in its smart con­tract, the attack­er used a Bored Ape Yacht Club NFT, which was already with­drawn after being pledged, as col­lat­er­al to bor­row from the plat­form. The same trans­ac­tion was repeat­ed sev­er­al times until a watch­dog alert­ed XCar­ni­val, which prompt­ly paused the oper­a­tions – smart con­tracts, lend­ing, and borrowing. 

Alert from Watchdog

The plat­form for which the loss can be much high­er was alert­ed by blockchain secu­ri­ty and data ana­lyt­ics com­pa­ny Peck­Shield. The ini­tial amount used for the attack was 120 ETH that the hack­ers with­drew from Tor­na­do Cash, Peck­Shield said. 

Sub­se­quent­ly, the watch­dog pro­vid­ed more details in a series of tweets as to how the hack was pulled off. 

“The hack is made pos­si­ble by allow­ing a with­drawn pledged NFT to be still used as the col­lat­er­al, which is then exploit­ed by the hack­er to drain assets from the pool,” it said in one of its tweets. 

Near­ly 12 hours after the attack, XCar­ni­val asked the hack­er to return the stolen funds, offered a 1,500 ETH boun­ty, and promised exemp­tion from legal action. As per blockchain data, the exploiter accept­ed the offer after a boun­ty nego­ti­a­tion that began with 250 ETH and set­tled at 1,500 ETH. 

Theft and Scam Prevention

In a sim­i­lar inci­dent, Hol­ly­wood per­son­al­i­ty Seth Green’s Bored Ape #8398, stolen in a phish­ing attack on May 17, was nego­ti­at­ed for the return. Green report­ed­ly paid 165 ETH (approx. $300k) for the NFT to its new own­er, who had bought it for $200k in good faith, unaware that it was a stolen one. 

Fred Simi­an, as Green had named the NFT char­ac­ter, was to be used as the main char­ac­ter in one of his upcom­ing shows – White Horse Tavern.

The NFT trade sky­rock­et­ed from under $200 mil­lion in 2020 to $40 bil­lion in 2021. Con­se­quent­ly, instances of such theft and pla­gia­rism have also increased in this space. Ear­ly this month, the CEO of one of the largest NFT mar­ket­places – OpenSea – Derin Finz­er, out­lined the need for Trust and Safe­ty invest­ments in areas such as theft and scam pre­ven­tion, among others. 

SPECIAL OFFER (Spon­sored)

Binance Free $100 (Exclu­sive): Use this link to reg­is­ter and receive $100 free and 10% off fees on Binance Futures first month (terms).

PrimeXBT Spe­cial Offer: Use this link to reg­is­ter & enter POTATO50 code to receive up to $7,000 on your deposits.



Source link

Please fol­low and like us:
Pin Share

Leave a Reply

Your email address will not be published. Required fields are marked *