XCarnival, a liquidity provider for the Ethereum ecosystem, recovered 1,467 Ether (ETH) just a day after suffering an exploit that drained 3,087 ETH, worth around $3.8 million, from the protocol.
Blockchain investigator Peckshield noticed the XCarnival hack when it came across a stream of transactions that eventually bled 3,087 ETH from the protocol. Explaining the nature of the exploit, Peckshield said:
“The hack is made possible by allowing a retired pledged NFT to still be used as collateral, which is then exploited by the hacker to drain assets from the pool.”
Shortly after the revelation, XCarnival proactively notified users of the hack and temporarily suspended some of its services to counter the attack. The protocol also offered the hacker a 1,500 ETH bounty, along with exemption from legal action.
XCarnival was attacked on June 26, 2022 and suspended part of the protocol. XCarnival officials will give owner 0xb7CBB4d43F1e08327A90B32A8417688C9D0B800a a bounty of 1500 ETH.
At the same time, XCarnival officials explicitly exempt the person from any legal action. By the XCarnival team
— XCarnival (@XCarnival_Lab) June 27, 2022
Eventually, XCarnival suspended its smart contracts, along with deposit and borrow functionality, until it could identify and fix the internal bug that made the hack possible. According to Peckshield, the hacker used a non-fungible token (NFT) previously removed from the Bored Ape Yacht Club (BAYC) collection as collateral to drain the assets.
While the XCarnival hacker’s wallet showed 3,087 ETH after the hack, the remaining funds appear to have been successfully diverted, with the wallet showing 0 ETH at the time of writing.

XCarnival has announced plans to reveal details about the situation in the future.
Related: White Hat Hacker Tries To Recover ‘Millions’ Of Lost Bitcoin, Finds Only $105
What could have been the story of the year turned out to be a disappointment after a white hat hacker’s efforts to retrieve a locked phone full of Bitcoin (BTC) resulted in the discovery of just 0.00300861 BTC.
As Cointelegraph reported, Joe Grand, a computer engineer and hacker, traveled from Portland to Seattle to potentially retrieve BTC from a Samsung Galaxy SIII phone belonging to Lavar, a local bus operator.
After meticulous efforts involving micro-soldering, downloading the memory, and finding Samsung’s scan pattern to access it, Lavar opened his MyCelium Bitcoin wallet and discovered just 0.00300861 BTC, worth $105 back then and down to around $63 at press time.