Ethereum-based NFT lending protocol XCarnival managed to recover half of the stolen funds after $3.8 million was hacked.
XCarnival was attacked yesterday at 15:00 CET with a total of 3,087 ETH, which corresponds to 3.8 million dollars. The platform convinced the attacker to return $1.9 million of the stolen funds. The attacker exploited a vulnerability that allowed a pledged asset to be used as collateral. Using a Bored Ape NFT as collateral, the attacker executed an attack that resulted in a loss of $3.8 million.
According to Etherscan data, XCarnival has offered a reward of 1,500 ETH to the attacker. An offer was accepted after a wallet tagged “XCarnival Exploiter” sent 1,467 ETH to the affected wallet.