The hacker of XCarnival, a lending aggregator for metaverse assets, has accepted a bounty of ETH 1,500 (USD 1.85m) in exchange for the return of the remaining ETH 1,467 (USD 1.8m) and the team not pursuing legal actions.

Etherscan transactions show that the hacker has already sent ETH 1,467 to the address shared by the XCarnival team.

On Sunday, a hacker was able to exploit a flaw in the smart contract code, blockchain security company PeckShield reported, stating at the time that ETH 3,087 was stolen.

“The hack is made possible by allowing a withdrawn pledged [non-fungible token] NFT to be still used as the collateral, which is then exploited by the hacker to drain assets from the pool,” PeckShield said.

In an attempt to recover the stolen funds, the XCarnival team reached out to the hacker with a bounty offer of USD 300,000 and pledged not to pursue law enforcement action if they return the remaining sums.

“1500eth – everyone’s happy

Per a tweet shared on Sunday, the XCarnival smart contract has been suspended, while “all deposit and borrowing actions are temporarily not supported.”

XCarnival, which describes itself as the “top player of metaverse asset bank,” allows users to earn high Annual Percentage Yield (APY) rates by lending their NFTs and other supported crypto assets.

Meanwhile, the project’s native token XCV has been hit hard by this recent hack. The token is down by 10% over the past 24 hours, while it’s up 1% in a week.

Source: Cryptonews

RELATED ARTICLESMORE FROM AUTHOR

Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments