Author of the hack of XCarnival, a metaverse asset loan aggregator, has accepted a $1.85 million reward to return the stolen funds.
XCarnival hacker accepts reward
The hacker behind the June 26 theft of the systems of the metaverse asset loan aggregator, karnaval, has agreed to return part of the stolen funds upon payment of a $1.85 million reward. The loan aggregator for NFTs and metaverse, had already recovered 50% of the $3.8 million lost and has now decided on a ransom payment to receive the remainder.
According to initial reconstructions made by the company Peckshield, tasked with investigating the theft, a hacker exploited a flaw in the smart contract that also allowed a pledged asset to be used as collateral, in this case a Bored Ape Yacht Club NFT.
1/ @XCarnival_Lab bir txs telaşında istismar edildi (bir hack tx: https://t.co/LUcxSU9UQn),
Bilgisayar korsanının 3,087 ETH (~ 3.8 milyon dolar) kazanmasına yol açtı (Protokol kaybı daha büyük olabilir). pic.twitter.com/mmGw5PQfbt- PeckShield Inc. (@peckshield) Instagram Profilini Görüntüle Haziran 26, 2022
A statement from the investigative firm reads:
“The hack is made possible by allowing a withdrawn pledged NFT to be still used as the collateral, which is then exploited by the hacker to drain assets from the pool”.
XCarnival 26 Haziran 2022'de saldırıya uğradı ve protokolün bir kısmı askıya alındı. XCarnival yetkilileri, 0xb7CBB4d43F1e08327A90B32A8417688C9D0B800a sahibine 1500 ETH ödülü verecek.
Aynı zamanda, XCarnival yetkilileri, kişiyi yasal işlemden açıkça muaf tutuyor.XCarnival ekibi tarafından
— XCarnival (@XCarnival_Lab) Haziran 27, 2022
In a statement issued shortly after the attack, XCarnival said:
“Currently our smart contract has been suspended, all deposit and borrowing actions are temporarily not supported, please stay tuned, we will confirm the situation as soon as possible”.
How did the theft affect the platform?
After the news of the theft, XCarnival’s native token 10% kaybetti. The company allows its users lavish earnings, thanks to NFT loans and other digital assets.
Initially, the company had offered the reward of $300,000 but the hacker raised again with the demand of 1,500 ETH accepted by XCarnival. According to Etherscan’s latest findings, the hacker has already returned about 1,500 ETH of the 1,800 still in its possession.
Evidently, the hackers seem to be aggressively targeting digital asset lending companies, considering that ten days ago, it was the turn of Inverse Financial, a Defi company that specializes in cryptocurrency lending, to suffer a hacking attack that netted about $1.26 million for the perpetrator.
1/ @Filmdenkare istismar edildi https://t.co/OaCemQfWug,
Bilgisayar korsanının ~1.26 milyon dolar kazanmasına yol açar (Protokol kaybı daha büyük olabilir).- PeckShield Inc. (@peckshield) Instagram Profilini Görüntüle Haziran 16, 2022
The same company had already suffered a hacker attack that had taken about $ 15 milyon from the company’s accounts.
Source: https://en.cryptonomist.ch/2022/06/28/xcarnival-hacker-reward/