U.S. Markets close in 2 hrs 34 mins
  • S&P 500

    4,294.37
    +14.22 (+0.33%)
     
  • Dow 30

    33,916.04
    +154.99 (+0.46%)
     
  • Nasdaq

    13,114.01
    +66.83 (+0.51%)
     
  • Russell 2000

    2,015.96
    -0.66 (-0.03%)
     
  • Crude Oil

    89.33
    -2.76 (-3.00%)
     
  • Gold

    1,798.90
    -16.60 (-0.91%)
     
  • Silver

    20.31
    -0.39 (-1.90%)
     
  • EUR/USD

    1.0173
    -0.0085 (-0.8240%)
     
  • 10-Yr Bond

    2.7860
    -0.0630 (-2.21%)
     
  • Vix

    19.97
    +0.44 (+2.25%)
     
  • GBP/USD

    1.2077
    -0.0062 (-0.5108%)
     
  • USD/JPY

    133.2280
    -0.2520 (-0.1888%)
     
  • BTC-USD

    24,189.04
    -104.33 (-0.43%)
     
  • CMC Crypto 200

    575.43
    -15.33 (-2.59%)
     
  • FTSE 100

    7,509.15
    +8.26 (+0.11%)
     
  • Nikkei 225

    28,871.78
    +324.80 (+1.14%)
     

Ethereum Lending Protocol XCarnival Hit With $3.8M Exploit, Recovers 50%

  • Oops!
    Something went wrong.
    Please try again later.
·1 min read
In this article:
  • Oops!
    Something went wrong.
    Please try again later.

Don't miss CoinDesk's Consensus 2022, the must-attend crypto & blockchain festival experience of the year in Austin, TX this June 9-12.

XCarnival, a platform based on the Ethereum blockchain that acts as a lending aggregator for NFTs (non-fungible tokens), has recovered 50% of the $3.8 million it lost in an exploit.

  • A hacker exploited a smart contract flaw that allowed a pledged asset to also be used as collateral, in this case a Bored Ape Yacht Club NFT.

  • The vulnerability was exploited in multiple transactions over a short period of time at 12:03 UTC on Sunday, with the hacker siphoning 3,087 ethers (ETH).

  • "XCarnival was attacked on June 26, 2022 and suspended part of the protocol," the Singapore-based company wrote on Twitter.

  • "Currently our smart contract has been suspended, all deposit and borrowing actions are temporarily not supported, please stay tuned, we will confirm the situation as soon as possible," it said.

  • The XCarnival team offered the hacker a 1,500 ETH bounty, an offer that seemingly been accepted after a wallet tagged as "XCarnival Exploiter" sent 1,467 ETH to the affected wallet, according to Etherscan.

  • According to the protocol's website, total value locked stands at 2992.05 ETH for borrows and 3014.69 ETH for supply.