Main navigation

NFT Platform XCarnival Under Attack: Malefactors Use BAYC Token

Advertisement
Mon, 27/06/2022 - 16:03
NFT Platform XCarnival Under Attack: Malefactors Use BAYC Token
Cover image via stock.adobe.com
Read U.TODAY on
Google News
Advertisement

As per the protocol's post-mortem, the security agencies have already "tentatively determined" the hackers' location, and negotiations are underway.

XCarnival NFT lending platform attacked via unusual vector

According to the statement shared by PeckShield, a leading cybersecurity provider for blockchain products, NFT lending platform XCarnival was attacked.

Attackers managed to get an infinite number of loans using the same high-profile NFT (Bored Apes Yacht Club #5110). The protocol was targeted by a "flurry" of transactions initiated by hackers.

Advertisement

Malefactors managed to generate multiple contract addresses, pledge BAYC NFT as collateral, get a loan, immediately withdraw an NFT and repeat this procedure multiple times.

As such, hackers borrowed over $3.8 million in Ethereum (ETH) equivalent with no need to pay the loan back. This became possible due to the vulnerability in the borrowing module codebase.

Hackers started returning funds

The team promptly reported the issue to cybersecurity and law enforcement agencies. Initially, the hacker was offered a $300,000 bounty to recover the funds, but then the sum was increased to $1.8 million.

The main contract as well as deposit and borrowing functions were shut down to prevent XCarnival users from losing their funds.

As the attacker was tracked, the negotiations started. By press time, he/she has returned 1,467 Ethers (ETH) stolen. It should also be noted that initial funds for the attack were transferred out of the Tornado Cash mixer.

Related

As covered by U.Today previously, the hackers attacked the Inverse Finance decentralized lending/borrowing protocol earlier this month; losses eclipsed $1.25 million in equivalent.

Related articles

Advertisement
TopCryptoNewsinYourMailbox
TopCryptoNewsinYourMailbox
Advertisement
Advertisement

Recommended articles

Latest Press Releases

Our social media
There's a lot to see there, too

Popular articles

Advertisement
AD