According to on-chain security researcher and ZenGo co-founder Tal Be’ery, the hacker who attacked NFT lending pool XCarnival for 3,087 ETH ($3.8 million) has returned half of the cash.
XCarnival, an NFT lending pool, let users borrow dollars by using their collectibles as collateral for loans. On Sunday, XCarnival experienced a security breach that allowed an exploiter to steal $3.8 million in ETH from the network.
Be’ery said:
“The core issue was a vulnerability that allowed the attacker to borrow multiple times against the same NFT collateral.”
To borrow funds, the hacker put up one NFT, Bored Ape #5110, as collateral. Normally, the process should lock up the Bored Ape used as collateral until the loan is repaid.
However, the hacker was able to remove the Bored Ape collateral without repaying the loan and use it to obtain another loan. This activity was done numerous times, draining the protocol of 3,087 ETH.
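The missing lock described above can be shown with a small model. This is an added example, not XCarnival's contract code: the `Pool` class, its method names, and the ETH amounts are hypothetical and constructed for illustration. It compares a pool that releases collateral without checking for an open loan against one that enforces the lock, and tracks the solvency invariant a lender would monitor.

```python
# Simplified model, not XCarnival's contract code; all names are hypothetical.
class CollateralLocked(Exception):
    pass

class Pool:
    def __init__(self, liquidity, loan_size, enforce_lock):
        self.liquidity = liquidity        # ETH available to lend
        self.loan_size = loan_size        # ETH lent per pledged NFT
        self.enforce_lock = enforce_lock  # False models the missing check
        self.orders = []                  # one record per pledge

    def pledge(self, owner, nft):
        if any(o["nft"] == nft and o["escrowed"] for o in self.orders):
            raise ValueError("NFT already in escrow")
        self.orders.append({"owner": owner, "nft": nft, "debt": 0, "escrowed": True})
        return len(self.orders) - 1       # order id

    def borrow(self, owner, order_id):
        o = self.orders[order_id]
        if o["owner"] != owner or not o["escrowed"] or o["debt"] > 0:
            raise ValueError("order cannot back a new loan")
        amount = min(self.loan_size, self.liquidity)
        self.liquidity -= amount
        o["debt"] = amount
        return amount

    def withdraw(self, owner, order_id):
        o = self.orders[order_id]
        if o["owner"] != owner or not o["escrowed"]:
            raise ValueError("nothing to withdraw")
        # Hardened path: collateral stays locked until the loan is repaid.
        if self.enforce_lock and o["debt"] > 0:
            raise CollateralLocked("repay the loan before withdrawing")
        o["escrowed"] = False

    def unbacked_debt(self):
        # Solvency invariant: debt on orders whose NFT has left escrow must be 0.
        return sum(o["debt"] for o in self.orders if not o["escrowed"])

def replay(enforce_lock, rounds=3):
    """Run the pledge/borrow/withdraw cycle the article describes (constructed values)."""
    pool = Pool(liquidity=100, loan_size=10, enforce_lock=enforce_lock)
    lent = 0
    try:
        for _ in range(rounds):
            order = pool.pledge("borrower", "nft-1")
            lent += pool.borrow("borrower", order)
            pool.withdraw("borrower", order)
    except CollateralLocked:
        pass                              # lock held: the cycle stops here
    return lent, pool.unbacked_debt()
```

Without the lock, every round adds another loan with no collateral behind it; with the lock, the first withdrawal is refused and the unbacked debt stays at zero.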
Following the event, XCarnival approached the hacker via on-chain communications, requesting the funds be returned. The NFT lending pool first offered a $300,000 prize for the return of the stolen money. XCarnival then boosted its offer to half the money stolen, which the hacker accepted.
As of the time of publication, the hacker’s wallet contained 1,500 ETH ($1.8 million). The remaining 120 ETH withdrawn from Tornado Cash in order to carry out the exploit have been returned.
In exchange for returning half of the stolen funds, the NFT lender committed not to pursue any legal action against the hacker.
It is becoming increasingly common for projects to pay bug bounties to hackers who steal from them. This happened, for example, with the exploiter who stole 20 million Optimism tokens from Wintermute earlier in June and later returned 17 million of those coins, with the two parties considering it even.
Harmony also just announced a $1 million reward for the recovery of the $100 million stolen on June 23 via its Horizon bridge protocol. Harmony’s offer also includes a commitment not to press charges against the hackers.
Patrick
CoinCu News