In an accelerated development, XCarnival, describing itself as a Metaverse asset bank, lost 3,087 ETH to a hacker and negotiated a half-funded refund less than 24 hours after the incident.
Taking advantage of a flaw in his smart contract, the attacker used Yacht Club NFT, a bored app that had already been withdrawn after pledging, as collateral to borrow from the platform. The same transaction was repeated multiple times until a watchdog alerted XCarnival, which immediately stopped Operations – smart contracts, lending and lending.
Alert from watchdog
The platform for which the damage can be very high alerted By PeckShield, a blockchain security and data analysis company. Peckshield said the initial amount used for the attack was 120 ETH that the hackers had withdrawn from Tornado Cash.
Following this, the watchdog provided more details in a series of tweets as to how the hack was pulled off.
“The hack has been made possible by allowing the hacked NFTs to still be used as collateral, which are then used by the hackers to withdraw assets from the pool,” it said. Told In one of his tweets.
About 12 hours after the attack, XCarnival told the hacker Return Stolen funds, offered a reward of 1,500 ETH, and promised exemption from legal action. According to blockchain data, exploiters Accepted A post-negotiable bounty offering that started at 250 ETH and settled at 1,500 ETH.
Theft and scam prevention
In a similar incident, talks were held to return Hollywood celebrity Seth Greene’s Bored App #8398, which was stolen in a phishing attack on May 17. Green reportedly paid 165 ETH (approximately $300k) for the NFT to its new owner, who had bought it in good faith for $200k, unaware that it had been stolen.
Fred Simien, as Greene named the NFT character, was to be used as the main character in his upcoming show – White Horse Tavern.
NFT trade grew from $200 million in 2020 to $40 billion in 2021. As a result, incidents of such plagiarism and plagiarism have also increased in this area. Earlier this month, the CEO of one of the largest NFT marketplaces – OpenC – Darin Finzer outlined the need for trust and security investments in areas such as theft and scam prevention.
PrimeXBT Special Offer: Use this link to register and enter code POTATO50 to get up to $7,000 on your deposit.