The hacked XCarnival protocol was recently hacked after an attacker used a flaw in the smart contracts which showed released NFT as available for collateral to be used for borrowing as we reproted in our latest cryptocurrency news.
the hacked XCarnival platform described itself as a metaverse Asset Bank and lost over 3087 ETH to a hacker and negotiated the return of half of the funds less than a day after the incident. Exploiting a flaw in the smart contracts, the attacker used a BAYC NFT which was already withdrawn after getting pledged as collateral to borrow from the platform. The same transaction was repeated a few times until the watchdog alerted the platform which paused the operations, lending, borrowing, and smart contracts.
The platform for which the loss can be higher was alerted by the blockchain security company PeckShield and the initial amount used for the attack was 120 ETH that the hackers withdrew from Tornado Cash. The watchdog also provided more details in a series of tweets about how the attack was pulled off:
“The hack is made possible by allowing a withdrawn pledged NFT to be still used as the collateral, which is then exploited by the hacker to drain assets from the pools.”
Nearly 12 hours after the attack, XCarnival asked the hacker to return the stolen funds and offered a 1500 ETH bounty and promised an exemption from legal action. The exploiter accepted the offer after a bounty negotiation which started with 250 ETH and settled at 1500 ETH. In a similar incident, Hollywood personality Seth Green’s Bored Ape was stolen in a phishing attack and was negotiated for their return. Green paid 165 ETH for the NFT to the owner who bought it for $200K in good faith, unaware that it was stolen.
Fred simian was the NFT character and was used as the main character in one of the upcoming shows dubbed White Horse Tavern. The NFT trade surged from under $200 million in 2020 to $40 billion in 2021 and these instances of theft and plagiarism increased in the space as well. The CEO of OpenSea Derin Finzer outlined the need for Trust and Safety investments in areas like theft and preventing scams.
DC Forecasts is a leader in many crypto news categories, striving for the highest journalistic standards and abiding by a strict set of editorial policies. If you are interested to offer your expertise or contribute to our news website, feel free to contact us at [email protected]
Discussion about this post