Ethereum liquidity provider XCarnival negotiates return of 50% stolen ETH

Published at: June 27, 2022

XCarnival, a liquidity provider for the Ethereum ecosystem, recovered 1,467 Ether (ETH) just a day after suffering an exploit that drained 3,087 ETH, worth roughly $3.8 million, from the protocol.

Blockchain investigator Peckshield noticed the XCarnival hack as it came across a stream of transactions that eventually bled 3,087 ETH from the protocol. Explaining the nature of the exploit, Peckshield stated:

“The hack is made possible by allowing a withdrawn pledged NFT to be still used as the collateral, which is then exploited by the hacker to drain assets from the pool.”

Soon after the revelation, XCarnival proactively informed the users about the hack while temporarily suspending a part of its services to counter the annoying attack. The protocol also offered the hacker 1,500 ETH as a bounty in addition to offering exemption from legal proceedings.

XCarnival was attacked on June 26, 2022 and suspended part of the protocol. XCarnival officials will give 0xb7CBB4d43F1e08327A90B32A8417688C9D0B800a owner 1500 ETH bounty. At the same time, XCarnival officals explicitly exempt the person from legal action. By XCarnival team

— XCarnival (@XCarnival_Lab) June 27, 2022

Eventually, XCarnival suspended the smart contracts and deposit and borrowing features until it could identify and rectify the internal bug that made the hack possible. According to Packshield, the hacker used a previously withdrawn pledged nonfungible token (NFT) from the Bored Ape Yacht Club (BAYC) collection as collateral to drain the assets.

While the XCarnival hacker’s wallet showed the presence of 3,087 ETH after the hack, the remaining funds seem to be siphoned successfully — with the wallet showing 0 ETH at the time of writing.

XCarnival announced plans to reveal details about the situation in time to come.

Related: White hat hacker attempts to recover 'millions' in lost Bitcoin, finds only $105

What could have been the story of the year turned out to be a disappointment after efforts from a white hat hacker to recover a locked phone full of Bitcoin (BTC) resulted in the discovery of just 0.00300861 BTC.

As Cointelegraph reported, Joe Grand, a computer engineer and hardware hacker, traveled from Portland to Seattle to potentially recover BTC from a Samsung Galaxy SIII phone owned by Lavar, a local bus operator.

Meticulous efforts that involved micro soldering, downloading the memory and discovering the Samsung’s swipe pattern for access, Lavar opened his MyCelium Bitcoin wallet and discovered only 0.00300861 BTC — worth $105 at the time, down to roughly $63 at the time of publication.

Tags
Related Posts
Solana and Arbitrum knocked offline, while Ethereum evades attack
Surging Ethereum rival, Solana (SOL), has shed 15% of its value over the past 24 hours after suffering a denial-of-service disruption. On Tuesday at 12:38 pm UTC, Twitter account Solana Status announced that Solana’s mainnet beta had been suffering intermittent instability over a 45-minute period. Six hours after announcing the incident, Solana Status explained that a large increase in transaction load to 400,000 per second had overwhelmed the network, created a denial-of-service, and caused the network to start forking. 1/ Solana Mainnet Beta encountered a large increase in transaction load which peaked at 400,000 TPS. These transactions flooded the transaction …
Technology / Sept. 15, 2021
Crypto.com finally speaks out: 483 user accounts compromised
The Crypto.com security breach saga gets clarity with an official statement from the Singapore-based crypto exchange following a halt on withdrawals after detecting "suspicious activities" in user accounts. In a statement today, Crypto.com revealed that "4,836.26 ETH, 443.93 BTC and approximately US$66,200 in other currencies" had been taken from clients' accounts without their permission. The overall loss is presently valued at around $33.8 million, as per the current market value. Following a security breach, several Crypto.com users have made complaints that their money had been stolen. However, the company's previous responses had failed to quell concerns. Following the 17th of …
Bitcoin / Jan. 20, 2022
Jump Crypto replenishes funds from $320M Wormhole hack in largest-ever DeFi 'bailout'
On Thursday, Jump Crypto, a crypto venture capital firm that owns Certus One, the developer of the Wormhole token bridge, announced it had deposited 120 thousand Ether (ETH) into a Solana-Ethereum bridge that suffered a devastating exploit. The day prior, hackers fraudulently minted 120 thousand wrapped Ether (wETH) worth $321 million on the Solana (SOL) platform, then redeemed 93,750 wETH for ETH on the Ethereum network while swapping the rest for other altcoins on the Solana network. The cross-chain ETH-wETH is supposed to have an exchange ratio of 1:1 against one another. Therefore, unauthorized minting of wETH leads to significant …
Technology / Feb. 3, 2022
Transit Swap loses over $21M due to internal bug hack, issues apology
Transit Swap, a multi-chain decentralized exchange (DEX) aggregator, lost roughly $21 million after a hacker exploited an internal bug on a swap contract. Following the revelation, Transit Swap issued an apology to the users while efforts to track down and recover the stolen funds are underway. “We are deeply sorry,” stated Transit Swap while revealing that a bug in the code allowed a hacker to make away with an estimated $21 million. Blockchain investigator Peckshield narrowed down the attack to a compatibility issue or misplaced trust in the swap contract. pic.twitter.com/KJ7u5xoxBp — Transit Swap | Transit Buy | NFT (@TransitFinance) …
Ethereum / Oct. 2, 2022
Here's how to quickly spot a deepfake crypto scam — cybersecurity execs
Crypto investors have been urged to keep their eyes peeled for "deepfake" crypto scams to come, with the digital-doppelganger technology continuing to advance, making it harder for viewers to separate fact from fiction. David Schwed, the COO of blockchain security firm Halborn told Cointelegraph that the crypto industry is more “susceptible” to deepfakes than ever because “time is of the essence in making decisions” which results in less time to verify the veracity of a video. Deepfakes use deep learning artificial intelligence (AI) to create highly realistic digital content by manipulating and altering original media, such as swapping faces in …
Blockchain / Jan. 13, 2023