Hacker Returns $1.7M After Stealing $3.8M From XCarnival NFT Firm

NFT Liquidity Solutions Platform XCarnival was recently exploited for 3,087 ETH worth $3.8 million. It now appears that the attacker has returned some of the stolen funds for 1467 ETH or $1.7 million, as a part of a bug bounty reward from the company. Returning Stolen Funds as Part of Bug Bounty On June 26, blockchain security firm PeckSheild revealed that XCarnival was exploited in a smart contract flaw that resulted in a loss of $3.8 million worth of cryptocurrencies or maybe higher. 1/ @XCarnival_Lab was exploited in a flurry of txs (one hack tx: https://t.co/LUcxSU9UQn),leading to the gain of 3,087 ETH (~$3.8M) for the hacker (The protocol loss may be larger). pic.twitter.com/mmGw5PQfbt — PeckShield Inc. (@peckshield) June 26, 2022 Following the news, XCarnival paused its smart contract and temporarily suspended all deposits and borrowings. Meanwhile, to lure the attacker, the company offered a bounty reward worth 1500 ETH and vowed to exempt the person from legal action. XCarnival was attacked on June 26, 2022 and suspended part of the protocol. XCarnival officials will give 0xb7CBB4d43F1e08327A90B32A8417688C9D0B800a owner 1500 ETH bounty. At the same time, XCarnival officals explicitly exempt the person from legal action. By XCarnival team — XCarnival (@XCarnival_Lab) June 27, 2022 18 hours later, the attacker agreed to the terms of the bug bounty reward and returned 1467 ETH worth $1.7 million, at the time of writing. I...