XCarnival, an Ethereum-based protocol that acts as a lending aggregator for NFTs, has recovered 50% of the $3.8 million lost in an exploit.
- A hacker exploited a smart-contract flaw that allowed a pledged asset to also be used as collateral, in this case a Bored Ape Yacht Club non-fungible token (NFT).
- The vulnerability was exploited in multiple transactions over a short period of time at 12:03 UTC on June 26, with the hacker siphoning out 3,087 ether (ETH).
- “XCarnival was attacked on June 26, 2022 and suspended part of the protocol,” the Singapore-based company wrote on Twitter.
- “Currently our smart contract has been suspended, all deposit and borrowing actions are temporarily not supported, please stay tuned, we will confirm the situation as soon as possible,” it said.
- The XCarnival team offered the hacker a 1,500 ETH bounty, an offer that has seemingly been accepted: a wallet tagged as “XCarnival Exploiter” sent 1,467 ETH to the affected wallet, according to Etherscan.
- According to the protocol’s website, total value locked (TVL) stands at 2992.05 ETH for borrows and 3014.69 ETH for supply.