E Point Perfect – Interesting and beneficial content

NFT Platform XCarnival Under Attack: Malefactors Use BAYC Token


article image

Vladislav Sopov

As result of negotiations, hackers have already returned large portion of assets drained from XCarnival’s reserve


As per the protocol’s post-mortem, the security agencies have already “tentatively determined” the hackers’ location, and negotiations are underway.

XCarnival NFT lending platform attacked via unusual vector

According to the statement shared by PeckShield, a leading cybersecurity provider for blockchain products, NFT lending platform XCarnival was attacked.

Attackers managed to get an infinite number of loans using the same high-profile NFT (Bored Apes Yacht Club #5110). The protocol was targeted by a “flurry” of transactions initiated by hackers.

Malefactors managed to generate multiple contract addresses, pledge BAYC NFT as collateral, get a loan, immediately withdraw an NFT and repeat this procedure multiple times.


As such, hackers borrowed over $3.8 million in Ethereum (ETH) equivalent with no need to pay the loan back. This became possible due to the vulnerability in the borrowing module codebase.

Hackers started returning funds

The team promptly reported the issue to cybersecurity and law enforcement agencies. Initially, the hacker was offered a $300,000 bounty to recover the funds, but then the sum was increased to $1.8 million.

The main contract as well as deposit and borrowing functions were shut down to prevent XCarnival users from losing their funds.

As the attacker was tracked, the negotiations started. By press time, he/she has returned 1,467 Ethers (ETH) stolen. It should also be noted that initial funds for the attack were transferred out of the Tornado Cash mixer.

As covered by U.Today previously, the hackers attacked the Inverse Finance decentralized lending/borrowing protocol earlier this month; losses eclipsed $1.25 million in equivalent.


Source link

Related posts

This Rare Cardano Smart Contract Usage Might Be Possible After Vasil HFC: Details

Important Monero (XMR) Update Kicks in Play, What to Expect

Shiba Inu (SHIB) Can Get Greater Use in UAE Thanks to This Partnership

48% of Dogecoin (DOGE) Supply Under Influence of 10 Addresses

BlackRock Remains Bullish on Blockchain

Shiba Inu Team Teases Community with Mysterious Video