XCarnival hacker accepts reward – The Cryptonomist

The author of the hack of XCarnival, a metaverse asset loan aggregator, has accepted a $1.85 million reward to return the stolen funds.

The hacker behind the June 26 theft from the systems of the metaverse asset loan aggregator XCarnival has agreed to return part of the stolen funds upon payment of a $1.85 million reward. The loan aggregator for NFTs and metaverse assets had already recovered 50% of the $3.8 million lost and has now decided on a ransom payment to receive the remainder.

According to initial reconstructions made by PeckShield, the company tasked with investigating the theft, the hacker exploited a flaw in the smart contract that allowed a pledged asset, in this case a Bored Ape Yacht Club NFT, to still be used as collateral after it had been withdrawn.

A statement from the investigative firm reads:

“The hack is made possible by allowing a withdrawn pledged NFT to be still used as the collateral, which is then exploited by the hacker to drain assets from the pool”.

In a statement issued shortly after the attack, XCarnival said:

“Currently our smart contract has been suspended, all deposit and borrowing actions are temporarily not supported, please stay tuned, we will confirm the situation as soon as possible”.

How did the theft affect the platform?

After the news of the theft, XCarnival’s native token lost 10%. The company offers its users lavish earnings through loans on NFTs and other digital assets.

Initially, the company had offered a reward of $300,000, but the hacker countered with a demand of 1,500 ETH, which XCarnival accepted. According to Etherscan’s latest findings, the hacker has already returned about 1,500 ETH of the 1,800 still in their possession.

Hackers seem to be aggressively targeting digital asset lending companies: ten days ago it was the turn of Inverse Finance, a DeFi company that specializes in cryptocurrency lending, to suffer a hacking attack that netted about $1.26 million for the perpetrator.

The same company had already suffered an earlier attack that took about $15 million from its accounts.


Source: https://en.cryptonomist.ch/2022/06/28/xcarnival-hacker-reward/