Search Inside Bitcoins

$3.8 Million Hack On XCarnival, Hacker Returns Half Back

Xcarnival hacking
Xcarnival hacking

Join Our Telegram channel to stay up to date on breaking news coverage

According to Tal Be’ery, co-founder of ZenGo, the hacker who stole 3,087 ETH ($3.8 million) from NFT lending pool XCarnival has repaid half of the cash.

Users may borrow money through XCarnival’s NFT lending pool by utilizing their collections as loan collateral. On Sunday, XCarnival had a security breach that allowed the exploiter to steal $3.8 million in Ethereum from the system.

Visit eToro to Buy Ethereum Now

Your capital is at risk.

The Loop Hole

According to Be’ery, the main problem was a flaw that let a hacker borrow from the same NFT asset more than once.

In order to borrow money, the hacker sent one NFT, Bored Ape #5110. The Bored Ape used as leverage would typically be imprisoned by the procedure until the debt is repaid.

However, the hacker was able to take the Bored Ape leverage out without paying back the loan and use it to obtain a new loan. This operation was repeatedly carried out, depleting the protocol’s 3,087 ETH.

Merciful Hacker Gave Accepted Offer

Following the event, XCarnival spoke with the hacker via on-chain communications and demanded a refund of the money.

For the stolen money, the NFT lending pool originally offered a $300,000 prize. The hacker accepted XCarnival’s new offer of half of the funds stolen.

At the time of publication, the hacker still had 1,500 ETH ($1.8 million) in his wallet. The other 120 ETH that were taken out of Tornado Cash to use the exploit have been given back.

The NFT lender stated that if the hacker returned 50% of the stolen funds, no legal action would be taken against them.

Offering bug bounties to hackers who steal from them is a common practice among projects nowadays.

As an illustration, this occurred to the exploiter who took 20 million Optimism tokens from Wintermute earlier in June and then gave back 17 million of those tokens, with the two parties considering it equal.

Buy Ethereum via FCA Regulated eToro Now

Your capital is at risk.

In addition, Harmony has announced a $1 million reward for the return of the $100 million that was taken on June 23 via their Horizon bridge protocol. In Harmony’s offer, she also makes a commitment not to support legal action against the hackers.

Read More:

Lucky Block - Our Recommended Crypto of 2022

Our Rating

Lucky Block
  • New Crypto Games Platform
  • Featured in Forbes,, Yahoo Finance
  • LBLOCK Token Up 1000%+ From Presale
  • Listed on Pancakeswap, LBank
  • Free Tickets to Jackpot Prize Draws for Holders
  • Passive Income Rewards - Play to Earn Utility
  • 10,000 NFTs Minted in 2022 - Now on
  • $1 Million NFT Jackpot in May 2022
  • Worldwide Decentralized Competitions
Lucky Block

Join Our Telegram channel to stay up to date on breaking news coverage

Read next


FightOut Presale - Earn Crypto for Working Out

FightOut Presale - Earn Crypto for Working Out

FightOut Presale - Earn Crypto for Working Out