XCarnival NFT Lending Platform Hit by $3.8 Million Exploit

PeckShield has reported a hack on XCarnival Lab, an NFT lending protocol. The attack happened on June 26, and the hacker managed to drain ETH tokens from the protocol. However, according to PeckShield, the hacker made away with 3,087 Ether (ETH), worth around $3.8 million.

XCarnival hit by a million-dollar exploit

The exploit on the XCarnival NFT lending platform now joins the list of several exploits over the past few months. Moreover, the ongoing recession across the crypto space does not seem to be deterring hackers from targeting protocols.

“The hack is made possible by allowing a withdrawn pledged NFT to be still used as the collateral, which is then exploited by the hacker to drain assets from the pool, PeckShield tweeted.

PeckShield further said that 120 ETH stolen by the hacker had been laundered through TornadoCash. TornadoCash is a tool used by hackers to hide traces of token transfers from the protocol.

XCarnival Lab has already confirmed this exploit on a Twitter post, saying, “Currently our smart contract has been suspended, all deposit and borrowing actions are temporarily not supported, please stay tuned, we will confirm the situation as soon as possible.”

The protocol further said that it was willing to give the attacker a 1500 ETH bounty if they returned the stolen Ether. It also added that the hacker would be exempted from legal action if the funds were returned. A Twitter user said that the hacker had accepted the offer, and they had returned half of the stolen funds according to on-chain data.

Exploits amid market crash

The cryptocurrency market has been in turmoil over the past few months, with around $2 trillion being lost from the market since November last year. The decentralized finance sector has been the top target of hackers, and some of the best DeFi apps have not been spared from these attacks.

Last week, the Horizon Bridge to the Harmony layer-1 blockchain suffered an exploit that led to a $100M loss worth of different altcoins. Exploits on multi-chain bridges have raised concern over their security, as several of these, such as the Wormhole bridge, have been exploited for hundreds of millions of dollars worth of crypto.

Just like in the case of XCarnival lab, Harmony has also offered a $1M bounty for returning the stolen funds, adding that if they are returned, the protocol will not pursue criminal charges.

Next NFT to Blow Up - Lucky Block

Our Rating

Lucky Block
  • #1 NFT Competitions Platform - luckyblock.com
  • Daily NFT Jackpot Draws - Free Entry
  • Lifetime Platinum Rollers Club Benefits
  • LBLOCK Token Listed on LBank, Gate.io, MEXC, PancakeSwap (V1 Token)
  • 10,000 NFTs Minted - nftlaunchpad.com
Lucky Block