HomeDeFiXCarnival hacker accepts reward

XCarnival hacker accepts reward

Author of the hack of XCarnival, a metaverse asset loan aggregator, has accepted a $1.85 million reward to return the stolen funds.

XCarnival hacker accepts reward

The hacker behind the June 26 theft of the systems of the metaverse asset loan aggregator, XCarnival, has agreed to return part of the stolen funds upon payment of a $1.85 million reward. The loan aggregator for NFTs and metaverse, had already recovered 50% of the $3.8 million lost and has now decided on a ransom payment to receive the remainder.

According to initial reconstructions made by the company Peckshield, tasked with investigating the theft, a hacker exploited a flaw in the smart contract that also allowed a pledged asset to be used as collateral, in this case a Bored Ape Yacht Club NFT

A statement from the investigative firm reads:

“The hack is made possible by allowing a withdrawn pledged NFT to be still used as the collateral, which is then exploited by the hacker to drain assets from the pool”.

In a statement issued shortly after the attack, XCarnival said:

“Currently our smart contract has been suspended, all deposit and borrowing actions are temporarily not supported, please stay tuned, we will confirm the situation as soon as possible”.

How did the theft affect the platform?

After the news of the theft, XCarnival’s native token lost 10%. The company allows its users lavish earnings, thanks to NFT loans and other digital assets.

Initially, the company had offered the reward of $300,000 but the hacker raised again with the demand of 1,500 ETH accepted by XCarnival. According to Etherscan’s latest findings, the hacker has already returned about 1,500 ETH of the 1,800 still in its possession.

Evidently, the hackers seem to be aggressively targeting digital asset lending companies, considering that ten days ago, it was the turn of Inverse Financial, a DeFi company that specializes in cryptocurrency lending, to suffer a hacking attack that netted about $1.26 million for the perpetrator. 

The same company had already suffered a hacker attack that had taken about $15 million from the company’s accounts.

Vincenzo Cacioppoli
Vincenzo Cacioppoli
Vincenzo was born in Genova but lived most of his life in Milan. He has a degree in political science. He is a journalist, blogger, writer, and marketing and digital advertising expert. After a long experience in traditional marketing, he started working with the web and digital advertising in 2011, creating a company called Le enfants. Passionate about the web and innovation, in 2018 he started exploring the topics related to blockchain technology and cryptocurrencies. Independent cryptocurrency trader since March 2018, he now collaborates with companies in the sector as a content marketing specialist. In his blog. mediateccando.blogspot.com, he has long been primarily focused on blockchain, which he considers to be the greatest technological innovation after the Internet. His first book about blockchain and fintech is scheduled for release in November.