PeckShield tweeted that the NFT lending protocol XCarnival had fallen victim to a hack, and the hacker got away with 3,087 Ethereum (about 3.8 million US dollars). However, this amount could be higher as the official report is yet to be released by the platform.
According to XCarnival on Twitter, “Currently our smart contract has been suspended, all deposit and borrowing actions are temporarily not supported, please stay tuned, we will confirm the situation as soon as possible.”
PeckShield’s report suggests the hacker exploited the vulnerability allowing a withdrawn pledged NFT to be still used as collateral. The hacker then cash in on this opportunity and withdrew assets from the platform’s pool. So far, the initial fund (120 ETH) to launch the hack has been withdrawn through TornadoCash. At the hacker’s address, there are still 3,087 ETHs of the illicit gains in the account.
XCV is currently trading at $0.01007, a 12.36% drop from yesterday. The crypto is down above 90% from its all-time high last November when it traded at $1.73.
XCarnival is a Metaverse lending platform that provides liquidation solutions for various types of assets, such as NFTs and long-tail crypto assets. With the emergence of cryptocurrencies and the increasing number of NFTs, it has developed a peer-2-peer XBroker platform. XBroker is a time-limited auction solution that aims to provide a seamless user experience for NFTs. It eliminates the need for them to manage their liquidity and price risks.
Hack After Another?
A couple of days ago, the protocol team known as Harmony confirmed that around $100 million worth of its digital assets, including BNB, ETH, and various stablecoins, were stolen during a cyberattack.
After learning about the attack, the company immediately contacted the FBI and other law enforcement agencies. It also enlisted the help of cyber experts. “This incident is a humbling and unfortunate reminder of how our work is paramount to the future of this space, and how much of our work remains ahead of us,” the Harmony statement notes.
After securing external support, the company went public with the news about its investigation on Twitter. It also promised to be transparent about its situation, though it did not specify what and when it would be able to share information.
Growth in DeFi Related Hacks
According to the report Chainalysis released, the DeFi protocols are the most frequently targeted targets for hackers. It also noted that money laundering in the blockchain space had increased significantly over the past few years.
The report noted that the number of illicit transactions using the DeFi protocols had increased significantly since the start of the 2020 DeFi boom. Money laundering and DeFi hacking are some of the most prominent criminal activities carried out on these protocols.
According to the report, over $1 billion of digital assets was stolen by criminals in 2022, almost all of which came from the DeFi protocols. The most prominent theft was the $600 million heist of the bridge known as the Ronin in March and the $320 million attack on the Wormhole in February. Most of the funds stolen by the hackers went to individuals with ties to North Korea.
The report noted that the lack of proper tracking of digital assets has made it difficult for users to trade multiple tokens. Also, the lack of Know Your Customer (KYC) requirements for DeFi projects has made them more vulnerable to criminal activity.
The report highlighted the activities of a North Korean-backed group known as the Lazarus Group, which laundered over $90 million in cryptocurrencies last year. It reportedly transferred the stolen assets to multiple accounts on multiple exchanges.