XCarnival, an Ethereum (ETH)-based protocol that acts as a loan aggregator for non-fungible tokens (NFTs), has recovered 50% of the $3.8 million lost after a hacker discovered a smart contract flaw.
The loophole allowed an asset linked to the smart contract to also be used as collateral, in this case an NFT from the Bored Ape Yacht Club.
The vulnerability was exploited in several transactions in a short period of time around 9:00 am ET on June 26, with the hacker extracting 3,087 ether.
“XCarnival was hacked on June 26, 2022 and suspended part of the protocol,” the Singapore-based company tweeted.
“Our smart contract is suspended and all deposit and loan actions are temporarily blocked. We will be back with new updates as soon as possible.”
The XCarnival team offered the hacker a bounty of 1,500 ETH, an offer apparently accepted after a wallet marked “XCarnival Exploiter” sent 1,467 ETH to the affected wallet, according to the Etherscan blockchain.
According to the protocol’s website, the total amount blocked (TVL) is 2992.05 ETH for loans and 3014.69 ETH for supply.
How far will cryptocurrencies go? What’s the best way to buy them? We have prepared a free class with step by step. Click here to watch and receive InfoMoney’s cryptocurrency newsletter