Ethereum ecosystem liquidity provider XCarnical has recovered 1,467 Ether (ETH) just a day after suffering an attack that cost them 3,087 ETH, worth about $3.8 million on their platform. The hack was first noticed by Peckshield, a blockchain investigator, as it came across a stream of transactions that eventually led to 3,087 ETH being stolen from the protocol.
The blockchain investigative firm stated, “The hack is made possible by allowing a withdrawn pledged NFT to be still used as the collateral, which the hacker then exploits to drain assets from the pool.”
Immediately after the revelation from Peckshield, XCarnival proactively notified its users of this hack and suspended the protocol temporarily to counter the attack. As part of measures to mitigate the effects of the attack, the protocol offered the attacker 1,500 ETH as a bounty and also promised not to press charges against the hacker. XCarnival eventually suspended the smart contracts and deposit and borrowing features until it could identify and stop the attack.
Packshield also explained the process through which the attack occurred. The hacker used a previously withdrawn pledged NFT from the Bored Ape Yacht Club (BAYC) collection as collateral. The hacker was then able to drain the assets. Although the XCarnival hacker’s account showed that it had 3,087 ETH after the hack, the account now contains 0 ETH at the time of writing. XCarnival has also announced that they will reveal the details of the situation soon.
In related news, Joe Grand, a computer engineer, and hardware hacker, traveled from Portland to Seattle to recover BTC from a Samsung Galaxy phone owned by a local bus operator, Lavar. After painstaking efforts involving micro soldering, discovering the phone’s swipe pattern, and downloading the phone’s memory, Grand and Lavar opened the MyCelium Bitcoin wallet only to find just 0.00300861 BTC worth $105 at the time, but now about $63.
Featured Image: Megapixl © Grandbrothers