On June 26, a hacker exploited XCarnival’s vulnerability and stole 3,087 ETH, worth about $3.8 million. In an effort to recover the stolen funds, the XCarnival team contacted the hacker with an offer of a $300,000 bounty and pledged not to pursue law enforcement action if they returned the remaining funds. XCarnival then increased its offer to 1,543 ETH and the hacker got the deal.
XCarnival is a lending aggregator for metaverse assets that allows users to borrow cash applying their NFT as collateral for loans. XCarnival suffered an exploit over the past weekend in which the hacker sent NFT Bored Ape #5110 as collateral to borrow cash. Bored Ape is used as collateral so it will be locked by the protocol until the loan is repaid. However, the hacker was able to withdraw the assets without repaying the loan and then continue to use it to make another loan.
According to an announcement on Sunday, the XCarnival smart contract has been suspended, while “all deposit and borrowing actions are temporarily not supported”. The project’s native token XCV also suffered by the hack as it dropped 10% over the past 24 hours.
Harmony (ONE) also recently offered a $1 million bounty to hackers to get back $100 million in a Horizon bridge hack on June 23. Harmony’s offer also includes a promise not to pursue legal action against hackers.
Follow our channels for more crypto news: