According to Tal Be’ery, co-founder of ZenGo, the hacker who stole 3,087 ETH ($3.8 million) from NFT lending pool XCarnival has repaid half of the cash.
Users may borrow money through XCarnival’s NFT lending pool by utilizing their collections as loan collateral. On Sunday, XCarnival had a security breach that allowed the exploiter to steal $3.8 million in Ethereum iš sistemos.
Apsilankykite „eToro“, kad nusipirktumėte „Ethereum“ dabar
Jūsų kapitalui gresia pavojus.
The Loop Hole
According to Be’ery, the main problem was a flaw that let a hacker borrow from the same NFT asset more than once.
In order to borrow money, the hacker sent one NFT, Bored Ape #5110. The Nuobodu beždžionė used as leverage would typically be imprisoned by the procedure until the debt is repaid.
However, the hacker was able to take the Bored Ape leverage out without paying back the loan and use it to obtain a new loan. This operation was repeatedly carried out, depleting the protocol’s 3,087 ETH.
Merciful Hacker Gave Accepted Offer
Following the event, XCarnival spoke with the hacker via on-chain communications and demanded a refund of the money.
For the stolen money, the NFT lending pool originally offered a $300,000 prize. The hacker accepted XCarnival’s new offer of half of the funds stolen.
At the time of publication, the hacker still had 1,500 ETH ($1.8 million) in his wallet. The other 120 ETH that were taken out of Tornado Cash to use the exploit have been given back.
The NFT lender stated that if the hacker returned 50% of the stolen funds, no legal action would be taken against them.
Offering bug bounties to hackers who steal from them is a common practice among projects nowadays.
As an illustration, this occurred to the exploiter who took 20 million Optimism tokens from Wintermute earlier in June and then gave back 17 million of those tokens, with the two parties considering it equal.
Pirkite „Ethereum“ per FCA reguliuojamą „eToro“ dabar
Jūsų kapitalui gresia pavojus.
In addition, Harmony has announced a $1 million reward for the return of the $100 million that was taken on June 23 via their Horizon bridge protocol. In Harmony’s offer, she also makes a commitment not to support legal action against the hackers.
Plačiau paskaitykite čia:
Lucky Block – mūsų rekomenduojama 2022 m. kriptovaliuta
- Nauja kriptovaliutų žaidimų platforma
- Pateikta Forbes, Nasdaq.com, Yahoo Finance
- LBLOCK Token Up 1000%+ iš išankstinio pardavimo
- Įtraukta į Pancakeswap, LBank
- Nemokami bilietai į jackpoto prizų burtus savininkams
- Pasyvių pajamų apdovanojimai – žaiskite, kad uždirbtumėte naudingumo
- 10,000 m. nukaldinta 2022 XNUMX NFT – dabar NFTLaunchpad.com
- 1 milijonas USD NFT Jackpot 2022 m. gegužės mėn
- Pasaulio decentralizuoti konkursai
Kripto turtas yra labai nepastovus nereguliuojamas investicinis produktas. Nėra JK ar ES investuotojų apsaugos.
Source: https://insidebitcoins.com/news/3-8-million-hack-on-xcarnival-hacker-returns-half-back