XCarnival, a liquidity provider for the Ethereum ecosystem, recovered 1,467 ether (ETH) one day after exploiting 3,087 ETHs, valued at approximately $ 3.8 million, from the protocol.
Blockchain investigator, Peckshield note the XCarnival hack when it encountered a transaction flow that ended up draining 3,087 ETH from the protocol. Explaining the nature of the cultivation, Peckshield said:
“The hack can be done by allowing a withdrawn NFT to be used as collateral, which the hacker then uses to drain assets out of the pool.”
Shortly after publication, XCarnival proactively alerted users to the hack as it temporarily suspended some of its services to combat the aggravated attack. The protocol also offered the hacker 1,500 ETH as a bounty, as well as offering immunity from legal action.
XCarnival was attacked on June 26, 2022 and part of the protocol was suspended. XCarnival officials will give 0xb7CBB4d43F1e08327A90B32A8417688C9D0B800a owner 1500 ETH bounty.
At the same time, XCarnival officials explicitly exempt the person from legal action.
According to the XCarnival team
—XCarnival (@XCarnival_Lab) June 27, 2022
XCarnival was attacked on June 26, 2022 and part of the protocol was suspended. XCarnival officials will give 0xb7CBB4d43F1e08327A90B32A8417688C9D0B800a owner 1500 ETH bounty. At the same time, XCarnival officials expressly exempt the person from any legal action. With XCarnival Team – XCarnival (@XCarnival_Lab) June 27, 2022
Eventually, XCarnival suspended smart contracts and deposit and lending features until it could identify and fix the internal bug that could cause the hack. According to Packshield, the hacker used NFT previously removed from the collection of Bored Ape Yacht Club (BAYC) as collateral to drain the assets.
While the XCarnival hacker wallet showed a presence of 3,087 ETH after the hack, the remaining funds appear to have been successfully siphone – the wallet showing 0 ETH at the time of writing this report.
XCarnival has announced plans to release details of the situation in the near future.
Read also: Professional Hacker Attempts To Recover ‘Millions’ Of Lost Bitcoins, But Only Gets $ 105
What could have been the story of the year turned out to be disappointing after a seasoned hacker attempted to recover a locked phone filled with bitcoins (BTC) that found just 0.00300861 BTC.
As Cointelegraph reported, computer engineer and hacker Joe Grand traveled from Portland to Seattle to retrieve BTC from a Samsung Galaxy SIII phone belonging to Lavar, a local bus operator.
After strenuous efforts to micro-solder, download memory, and find Samsung’s scan mode to access it, Lavar opened its MyCelium Bitcoin wallet and found only 0.00300861 BTC – valued from $ 105 at the time, reduced to to about $ 63 at time of publication.