A hacker exploited a smart contract in non-fungible token (NFT) lending pool XCarnival, stealing nearly $4 million from the platform. The hacker has since accepted a 1,500 ETH bug bounty from the team.

NFT lending pool XCarnival nearly lost about $4 million after a hacker exploited a flaw in the smart contract. The hacker gained 3,087 ETH from the exploit on June 26, but the complied with a bug bounty compromise. Blockchain security and data analytics company PeckShield said that the hack was made possible “by allowing a withdrawn pledged NFT to be still used as the collateral, which is then exploited by the hacker to drain assets from the pool.”

XCarnival said that they had suspended the smart contract and would offer the hacker a bounty of 1,500 ETH for returning the funds. They will not pursue legal action against the hacker.

XCarnival was attacked on June 26, 2022 and suspended part of the protocol. XCarnival officials will give 0xb7CBB4d43F1e08327A90B32A8417688C9D0B800a owner 1500 ETH bounty.
At the same time, XCarnival officals explicitly exempt the person from legal action.

By XCarnival team

In what is usually a rare occurrence of compliance, the hacker accepted the bounty and said that the funds will be returned, asking for an official statement signed by the XCarnival CEO. He also asked to explicitly veto lawsuits.

It seems the remaining 1467 ETH are just returned. @XCarnival_Lab https://t.co/k44zakkAvB https://t.co/h5OKcVM9PN pic.twitter.com/rnUiZyATNJ

XCarnival will be pleased with the turn of events, which could have gone much worse. The hacker too has made away with quite a sum and will not have to worry about legal action.

XCarnival is an NFT lending pool that lets users borrow tokens quickly without selling their NFTs. It essentially offers yields on NFT assets. The team has not relaunched the smart contracts, as it is working on plugging the exploit.

This incident is just one of many that has occurred in the NFT market in recent months. As the sector has become more popular, more bad actors have been turning their attention to it. It is much like decentralized finance (DeFi) in its early blooming days, which continues to suffer from attacks, though projects have grown more wary.

The Bored Ape Yacht Club has been among the most high-profile cases, with hackers having stolen four apes valued at over $1 million. NFT marketplaces like Nifty Gateway have also been hacked.

Now with all eyes on NFTs, and more of the wider public taking to the special assets, projects in the space will have to be extra cautious. This sector is particularly vulnerable because of how many new market entrants there are and the ease with which scams can be executed.

The post NFT Lending Pool XCarnival Loses Nearly $4M in Exploit; Hacker Accepts 1,500 ETH Bounty appeared first on BeInCrypto.

Similar to Notcoin - TapSwap on Solana Airdrops In 2024

origin »

175 +