An Ethereum lending protocol identified as XCarnival has lost about $3.8 million to a fresh cyber attack. The protocol is a lending aggregator for Non-Fungible Tokens (NFT) made the revelation via its Twitter page.
In an attempt to arrest the situation, the team announced their willingness to withdraw all legal cases against the hacker if they return 50% of the funds. XCarnival revealed its willingness to let go of the rest of the funds if the attacker can return $1.5 million. Surprisingly, the hacker heeded the call, thus, birthing a backlash from community members.
Efforts by XCarnival to control the situation
Tweeps accused XCarnival of pulling an insider trick to cover part of the funds before tagging it an attack. While persuading the hacker, the team offered them 1,500 ETH before recovering part of the funds. Meanwhile, when the attack first transpired the team placed a part of the protocol on suspension. According to the tweet, XCarnival disclosed that it had halted every deposit and lending activity, including its smart contract. Then, the team promised to give subsequent information on how its investigation goes on the exploitation.
Additionally, report indicates that the protocol became exploited as a result of allowing a pledged asset as collateral. The glitch on the smart contract permitted a pledged Bored Ape NFT as collateral. With that, the hacker amassed about 3,087 ETH through numerous transactions on the protocol. Currently, XCarnival’s platform has a Total Value Locked (TVL) at 299.2.05 ETH for lending, with 3014.69 ETH for supply.
Increasing attack on protocols
Projects in the Cryptocurrency space are major victims of hacks and cyber attacks lately. Protocols and DeFi are major targets for hackers who keep attacking without a second thought. The increasing attacks further add to the woes of investors amidst the wreckages of the bear market.
About three days ago, Harmony Horizon Bridge lost about $100 million to cyber exploitation. The recent attack on XCarnival underlines the increasing popularity of hacks in the crypto space. As of press time, the XCarnival is yet to give further directives about the exploitation.