In recent developments, a Metaverse Asset Bank, XCarnival has experienced an outrageous hacking attempt. It lost over 3,087 ETH tokens in the attack. However, the network was quick to make negotiations with the hacker. These hackers were ready to return half of the stolen funds after 24 hours of the incident.
According to the network, these hackers exploited the flaw in a smart contract. Also, these hackers used a withdrawn Bored Ape Yacht Club NFT as collateral to borrow from the platform. This transaction was repeated a number of times. But then a watchdog alarmed the XCarnival network of this unusual activity. In response, XCarnival immediately paused the operations on the network. The service of smart contracts, borrowing, and lending was temporarily suspended.
XCarnival Avoid a Much Larger Exploitation
It has come to notice that the watchdog was the blockchain security and data analytics company, PeckShield. The company told that hackers used 120 ETH for the attack that they withdrew from Tornado Cash. PeckShiled further shared the details in a series of tweets.
2) The hack is made possible by allowing a withdrawn pledged NFT to be still used as the collateral, which is then exploited by the hacker to drain assets from the pool. pic.twitter.com/2zA6vr59Hj
— PeckShield Inc. (@peckshield) June 26, 2022
Nonetheless, XCarnival proposed negotiations for the hacker after 12 hours of the attack. The network offered 1,500 ETH in bounty for the hackers if they returned the stolen funds. Along with it, the network also promised an exemption from the legal action. It was found out that the hacker accepted the deal. Also, it was revealed that the bounty negotiations started with 250 ETH and were finalized at 1,500 ETH.
Hacking and fishing attempts have become quite common since the rise of the NFT sector. Several networks, organizations, and individuals have faced severe circumstances due to these hacking attempts. Moreover, Tornado Cash has been used repeatedly by the exploiters. Therefore, several consumers have criticized the network, and have also emphasized its banning, as it does not comply with the security standards.
Before this incident with the XCarnival Protocol, Seth Green also suffered from a similar attack. Green’s BAYC NFT #8398 was stolen on May 17 in a fishing attack. The NFT named “Fred Simian” was then reclaimed after negotiations. The person who gave back the NFT was unaware of its stolen status and bought it for $200K. Therefore, Green paid 165 ETH to get back the NFT.
With the hype around the NFT sector, there is a constant debate over intellectual property rights and ownership of NFTs. These several hacking cases indicate that the NFT sector is vulnerable. Therefore, consumers are growing reluctant to invest in it.