Hacker “returns salary”, returns half of the money stolen from XCarnival in less than 24 hours of attack

 132 total views


2022-06-29 11:15:39

XCarnival, a synthetic NFT lending protocol, lost 3,087 ETH to a hacker attack on June 26. However, fortunately, the hacker was quickly “returned”.

Hacker “returns salary”, returns half of the money stolen from XCarnival in less than 24 hours of attack

According to blockchain security researcher and ZenGo co-founder Tal Be’ery, the hacker who exploited the vulnerability from the NFT lending fund XCarnival to take away 3,087 ETH (about $3.8 million) has decided to return half of it. stolen amount for the protocol.

As an NFT lending syndicate, XCarnival allows users to borrow money using their NFT as collateral for loans. XCarnival experienced a security issue over the weekend that allowed hackers to drain $3.8 million in ETH from the platform.

Specifically, the hacker sent an NFT Bored Ape number 5110, as collateral to borrow money. Typically, Bored Ape is used as collateral so it is locked by the protocol until the loan is repaid. However, the hacker was able to withdraw Bored Ape’s collateral without paying back the loan and use it to make another loan. This action is repeated many times.

Soon after, XCarnival contacted the hacker after the incident calling for a refund. The NFT lending team initially offered a $300,000 bonus in exchange for the stolen funds. XCarnival then increased its offer to 1,543 ETH.

XCarnival also promises not to pursue any law enforcement action against the hacker if half of the stolen funds are returned. Perhaps because the bounty was increased and not subject to any legal action from XCarnival, the hacker “voluntarily” returned the money to the project. Even so, the attacker’s wallet still has 1,500 ETH (1.8 million USD) as of the time of writing.

It’s becoming more and more common for projects to “negotiate” successfully with hackers after being hurt by some pretty “silly” bugs from the protocol itself. For example, this happened to the hacker who stole 20 million OP tokens from Wintermute in early June and then returned 17 million OPs.

Harmony (ONE) also recently offered a $1 million bounty to hackers to reclaim $100 million that was stolen from the Horizon bridge on June 23. Harmony’s offer also includes a promise not to prosecute criminal charges against the hackers.

Synthetic CHK

Maybe you are interested:

Maybe you are interested:



#Hacker #returns #salary #returns #money #stolen #XCarnival #hours #attack

Related Posts

Leave a Reply

Your email address will not be published.

Close Bitnami banner
Bitnami