Main navigation

Hacker Stole NFTs Worth 3,000 ETH and Then Returned Half of It, Here's How

Mon, 06/27/2022 - 10:05
article image
Arman Shirinyan
Sometimes even hackers are on good side
Hacker Stole NFTs Worth 3,000 ETH and Then Returned Half of It, Here's How
Cover image via

Disclaimer: The opinions expressed by our writers are their own and do not represent the views of U.Today. The financial and market information provided on U.Today is intended for informational purposes only. U.Today is not liable for any financial losses incurred while trading cryptocurrencies. Conduct your own research by contacting financial experts before making any investment decisions. We believe that all content is accurate as of the date of publication, but certain offers mentioned may no longer be available.

Read U.TODAY on
Google News

The "Metaverse Asset Bank," Carnival, which experienced a smart contract exploit in a flurry of transactions and led to the gain of around 3,000 ETH by a hacker found a resolution that decreased the damage to the platform and made the hacker look better, per PeckShield Inc.

How did the hack happen?

The flaw in the platform's code allowed hackers to withdraw pledged NFTs and use them as collateral. The mechanism was later used to drain assets from the pool. The main issue was the lack of judgment in the contract that has not checked if the pledged NFT has been withdrawn by the borrower.

Jed McCaleb Now Has 114 Million XRP Left: Report

As always, the hacker received his funds from Tornado Cash coin mixing solution, which allowed him to remain completely anonymous. Potentially, the exploiter could have easily washed stolen funds and remained under the radar, and then later moved them into fiat somehow.

The good end

Luckily for platform users and the management team, the hacker agreed to return half of the stolen funds on one condition only: if the whole exploit story would be considered a "bug bounty," he would avoid all future lawsuits.

He asked the Carnival CEO to grant the owner of the address ending with "B800a" a 1,500 ETH bounty in exchange for the stolen funds. Essentially, the platform paid the hacker a $1.8 million bug bounty, which is considered more than generous.

Since the beginning of the year, the number of exploits and hacks of various DeFi platforms and NFT collections decreased significantly, most likely because of the dropping popularity of both industries and a crash of the cryptocurrency market in May and June.

article image
About the author

Arman Shirinyan is a trader, crypto enthusiast and SMM expert with more than four years of experience.

Arman strongly believes that cryptocurrencies and the blockchain will be of constant use in the future. Currently, he focuses on news, articles with deep analysis of crypto projects and technical analysis of cryptocurrency trading pairs.