According to on-chain security researcher and ZenGo co-founder Tal Be’ery, the hacker who attacked NFT lending pool XCarnival for 3,087 ETH ($3.8 million) has returned half of the cash.
XCarnival, an NFT lending pool, lets users borrow dollars by using their collectibles as collateral for loans. On Sunday, XCarnival experienced a security breach that allowed an exploiter to steal $3.8 million in ETH from the network.
Be’ery said: “The core issue was a vulnerability that allowed the attacker to borrow multiple times against the same NFT collateral.”
To borrow funds, the hacker put up one NFT, Bored Ape #5110, as collateral. Normally, the process should lock up the Bored Ape used as collateral until the loan is repaid.
However, the hacker was able to remove the Bored Ape collateral without repaying the loan and use it to obtain another loan. This was repeated numerous times, draining the protocol of 3,087 ETH.
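The missing lock described above can be shown with a small model. This is an added example, not XCarnival's contract code: the class, method names, order bookkeeping and amounts are all assumptions. It runs the same pledge, borrow, withdraw sequence against a pool with and without the collateral lock and reports the solvency invariant a monitor would watch.

```python
class Rejected(Exception): pass

class LendingPool:
    # Toy model with assumed names; not XCarnival's contract code.
    def __init__(self, liquidity, lock_collateral):
        self.liquidity = liquidity              # ETH available to lend
        self.lock_collateral = lock_collateral  # False models the missing check
        self.in_custody = {}                    # token_id -> order_id
        self.debt = {}                          # order_id -> outstanding ETH

    def pledge(self, token_id):
        if token_id in self.in_custody:
            raise Rejected("token already pledged")
        order_id = len(self.debt) + 1
        self.in_custody[token_id] = order_id
        self.debt[order_id] = 0

    def borrow(self, token_id, amount):
        order_id = self.in_custody.get(token_id)
        if order_id is None:
            raise Rejected("collateral not in custody")
        if self.debt[order_id] > 0:
            raise Rejected("collateral already backs a loan")
        self.liquidity -= amount
        self.debt[order_id] = amount

    def withdraw(self, token_id):
        order_id = self.in_custody.get(token_id)
        if order_id is None:
            raise Rejected("collateral not in custody")
        # The lock: collateral leaves custody only once its loan is repaid.
        if self.lock_collateral and self.debt[order_id] > 0:
            raise Rejected("loan outstanding")
        del self.in_custody[token_id]

    def unbacked_debt(self):
        # Solvency invariant: debt on orders whose NFT the pool no longer holds.
        live = set(self.in_custody.values())
        return sum(d for o, d in self.debt.items() if o not in live)

def run_sequence(lock_collateral, rounds=3, loan=10):
    # Constructed scenario: pool of 100 ETH, one token, fixed loan size.
    pool = LendingPool(liquidity=100, lock_collateral=lock_collateral)
    rejected = 0
    for _ in range(rounds):
        try:
            pool.pledge(5110)
            pool.borrow(5110, loan)
            pool.withdraw(5110)
        except Rejected:
            rejected += 1
    return pool.liquidity, pool.unbacked_debt(), rejected
```

`run_sequence` returns the remaining liquidity, the unbacked debt and the number of refused operations; a non-zero unbacked debt is the condition worth alerting on.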
Following the event, XCarnival contacted the hacker through on-chain messages, requesting that the funds be returned. In return for the stolen funds, the NFT lending pool first offered a $300,000 reward. XCarnival then raised its offer to half the money stolen, which the hacker accepted.
As of the time of publication, the hacker’s wallet contained 1,500 ETH ($1.8 million). The remaining 120 ETH withdrawn from Tornado Cash in order to carry out the exploit have been returned.
In exchange for returning half of the stolen funds, the NFT lender committed not to pursue any legal action against the hacker.
It is becoming increasingly common for projects to pay bug bounties to hackers who steal from them. This happened, for example, to the exploiter who stole 20 million Optimism tokens from Wintermute earlier in June and later restored 17 million of those coins, with the two parties considering it even.
Harmony also just announced a $1 million reward for the recovery of the $100 million stolen on June 23 via its Horizon bridge protocol. Harmony’s offer also includes a commitment not to press charges against the hackers.
Patrick
CoinCu News