A hacker took advantage of a smart contract in the non-fungible token (NFT) lending pool XCarnival, stealing nearly $4 million from the platform. The hacker has since accepted a 1,500 ETH bug bounty from the team.
NFT lending pool XCarnival lost nearly $4 million after a hacker exploited a flaw in a smart contract. The hacker obtained 3,087 ETH from the exploit on June 26, but the bug bounty was compromised. Blockchain security and data analytics company PeckShield said the hack was made possible “by allowing the returned NFTs to still be used as collateral, which are then exploited by hackers to extract assets from the pool.”
XCarnival said they have suspended the smart contract and will reward 1,500 ETH for returning the funds to the hackers. They will not take legal action against the hacker.
Usually in a rare event of compliance, the hacker accepted the bounty and said the funds would be returned, said an official statement signed by the XCarnival CEO. He also called for the lawsuits to be explicitly vetoed.
XCarnival would be pleased with the turn of events, which could have been worse. The hacker has also withdrawn a considerable amount and will not need to worry about legal action.
XCarnival is an NFT lending pool that lets users quickly borrow tokens without having to sell their NFTs. It essentially provides return on NFT assets. The team has not relaunched smart contracts, as it is working on preventing exploitation.
Keep an eye on the NFT market
This incident is one of several that have happened in the NFT market in recent months. As the field became more popular, more bad actors were turning their attention to it. It is, like decentralized finance (DeFi) in its early days, prone to attacks, although the projects have become more cautious.
Bored Ape Yacht Club has been one of the most high-profile cases in which hackers stole four apes worth more than $1 million. NFT marketplaces like Nifty Gateway have also been hacked.
Now with all eyes on NFTs, and more and more public taking on specialty assets, projects in the space have to be extra cautious. This sector is particularly vulnerable because of how many new ones enter the market and the ease with which scams can be carried out.