Ethereum ecosystem liquidity provider XCarnical has recovered 1,467 Ether (ETH) just a day after suffering an attack that cost it 3,087 ETH worth about $3.8 million on their platform. The hack was first noticed by Peckshield, a blockchain investigator, when he came across a stream of transactions that eventually led to the theft of 3,087 ETH from the protocol.
The blockchain investigative firm said: “The hack is made possible by the fact that withdrawn pledged NFTs can continue to be used as collateral, which the hacker then uses to siphon assets from the pool.
Immediately after the revelation from Peckshield, XCarnival proactively informed its users about this hack and temporarily suspended the protocol to counter the attack. As a measure to mitigate the effects of the attack, the protocol offered the attacker 1500 ETH as a reward and also promised not to press charges against the hacker. XCarnival eventually suspended smart contracts and deposit and withdrawal functions until it was able to identify and stop the attack.
Packshield too he explained the process by which the attack occurred. The hacker used a previously withdrawn NFT pledge from the Bored Ape Yacht Club (BAYC) collection as a pledge. The hacker was then able to deplete the assets. Although the XCarnival hacker’s account showed that he had 3,087 ETH after the hack, the account now contains 0 ETH at the time of writing. XCarnival also announced that they will reveal details about the situation soon.
In related news, Joe Grand, a computer engineer and hardware hacker, traveled from Portland to Seattle to get BTC from a Samsung Galaxy phone owned by local bus operator Lavar. After painstaking efforts involving micro-soldering, discovering the phone’s swipe pattern, and downloading the phone’s memory, Grand and Lavar opened the MyCelium bitcoin wallet to find just 0.00300861 BTC worth $105 at the time, but about $63 now.
Recommended image: Megapixel © Great brothers