XCarnival, a liquidity provider for the Ethereum ecosystem, recovered 1,467 Ether (ETH) just a day after suffering an exploit that drained 3,087 ETH, worth roughly $3.8 million, from the protocol.
Blockchain investigator Peckshield fark the XCarnival hack as it came across a stream of transactions that eventually bled 3,087 ETH from the protocol. Explaining the nature of the exploit, Peckshield stated:
"Kesme, geri alınan bir taahhütlü NFT'nin teminat olarak kullanılmasına izin verilerek mümkün kılınır ve daha sonra bilgisayar korsanı tarafından havuzdan varlıkları boşaltmak için kullanılır."
Soon after the revelation, XCarnival proactively informed the users about the hack while temporarily suspending a part of its services to counter the annoying attack. The protocol also offered the hacker 1,500 ETH as a bounty in addition to offering exemption from legal proceedings.
XCarnival 26 Haziran 2022'de saldırıya uğradı ve protokolün bir kısmı askıya alındı. XCarnival yetkilileri, 0xb7CBB4d43F1e08327A90B32A8417688C9D0B800a sahibine 1500 ETH ödülü verecek.
Aynı zamanda, XCarnival yetkilileri, kişiyi yasal işlemden açıkça muaf tutuyor.XCarnival ekibi tarafından
— XCarnival (@XCarnival_Lab) Haziran 27, 2022
Eventually, XCarnival suspended the smart contracts and deposit and borrowing features until it could identify and rectify the internal bug that made the hack possible. According to Packshield, the hacker used a previously withdrawn pledged değiştirilemez belirteç (NFT) from the Bored Ape Yacht Club (BAYC) collection as collateral to drain the assets.
While the XCarnival hacker’s wallet showed the presence of 3,087 ETH after the hack, the remaining funds seem to be siphoned successfully — with the wallet showing 0 ETH at the time of writing.
XCarnival announced plans to reveal details about the situation in time to come.
What could have been the story of the year turned out to be a disappointment after efforts from a white hat hacker to recover a locked phone full of Bitcoin (BTC) resulted in the discovery of just 0.00300861 BTC.
As Cointelegraph reported, Joe Grand, a computer engineer and hardware hacker, traveled from Portland to Seattle to potentially recover BTC from a Samsung Galaxy SIII phone owned by Lavar, a local bus operator.
Meticulous efforts that involved micro soldering, downloading the memory and discovering the Samsung’s swipe pattern for access, Lavar opened his MyCelium Bitcoin wallet and discovered only 0.00300861 BTC — worth $105 at the time, down to roughly $63 at the time of publication.
Source: https://cointelegraph.com/news/ethereum-liquidity-provider-xcarnival-negotiates-return-of-50-stolen-eth