Hacker Returns Half of $3.8 million He Stole from NFT Lender XCarnival: dartwalker

dartwalker

Hacker Returns Half of $3.8 million He Stole from NFT Lender XCarnival

Jul 09, 2022 21:20

XCarnival, the NFT credit pool, lost 3087 ETH due to an exploit on Sunday. The hacker responsible for the hacking returned half of the funds, and the protocol promised not to involve law enforcement agencies.
According to a network security researcher and co-founder of ZenGoTala Beeri, a hacker who used the NFT XCarnival credit pool for 3087 ETH ($3.8 million), returned half of the loot.

As an NFT credit pool, XCarnival (XCV) allows users to borrow funds using their collectibles as collateral for loans. On Sunday, a security incident occurred at XCarnival, as a result of which a hacker was able to withdraw $3.8 million in ETH from the platform.

"The main problem was a vulnerability that allowed an attacker to borrow multiple times against the same NFT collateral," Beeri said.

The hacker deposited one NFT, Bored Ape #5110, as collateral for a loan. Usually, a bored monkey used as collateral should be blocked by protocol until the loan is repaid. However, the hacker was able to withdraw the Bored Ape collateral without paying back the loan and using it to get another loan. The hacker repeated this action several times, as a result of which 3087 ETH was withdrawn from the protocol.

XCarnival contacted the hacker after the incident with an appeal to return the funds. The NFT credit pool initially offered a reward of $300,000 in exchange for the stolen funds. Then XCarnival increased its offer to half of the stolen amount, and the hacker accepted this offer.

At the time of publication, 1,500 ETH ($1.8 million) remained in the hacker's wallet. The remaining 120 ETH that were withdrawn from Tornado Cash (TORN) for the exploit were returned.

The NFT lender also promised not to take any law enforcement action against the hacker if he returns half of the stolen funds.

It is becoming popular in projects to offer rewards for mistakes to hackers guilty of theft. For example, this happened with hackers who earlier in June stole 20 million Optimism tokens (OP) from Wintermute and subsequently returned 17 million of these coins, which satisfied both sides.

Harmony (ONE) also recently offered a $1 million reward for the return of $100 million that was stolen from the Horizon Bridge protocol on June 23. Harmony's offer also includes a promise not to press criminal charges against hackers.

https://coin-signal.com/cryptonews/hacker-returns-half-of-3-8-million-he-stole-from-nft-lender-xcarnival/
#38, #Cryptonews, #Fraud, #Hack, #Hacker, #Half, #Lender, #Million, #Nft, #PATTERN, #Returns, #Stole, #Xcarnival
#CryptoNews, #HackFraud

#xcarnival, $3.8, #stole, returns, #hacker, hacker, xcarnival, #hackfraud, #cryptonews, fraud, #lender, #nft, hack, #half, #returns, pattern, #pattern, million, #hack, half, lender, nft, #fraud, cryptonews, stole, #million