Did this Hacker get away with a $3.8 million NFT hack?

Sahana Kiran
Source – Unsplash

Similar to the crypto-verse, the NFT space garnered increased traction and managed to be valuable. Particularly to ill-doers. From hacking exchanges and pocketing easy money via cryptocurrencies, perpetrators have upgraded. With all eyes on the non-fungible token space, hackers are veering in and stealing digitized material worth millions. But in a bizarre situation, one hacker who exploited the lending pool XCarnival was all set to return the stolen funds. Just half of it.

The NFT lending pool experienced an attack on its smart contract during a transaction. This was mostly due to a flaw in the network’s code. Banking on this, the hacker decided to deposit one Bored Ape NFT and employed it as collateral to borrow more funds. Following this, the assets from the pool were stolen as the hacker managed to take loans without repaying the existing ones. After draining the entire pool by repeating the process, a total of 3,087 ETH or $3.8 million was compromised.

Seeking the stolen funds back, XCarnival reached out to the hacker. Through on-chain messages, the platform initially offered the hacker a total of $300,000 for the stolen funds. However, this was further increased to half of the stolen funds and no legal action.

How much of the stolen funds does the hacker entail?

It seems like XCarnival made the hacker an offer that he couldn’t refuse. The hacker’s wallet currently has $1.8 million worth of ETH which is about 1,500 ETH. PeckShield revealed that 1467 ETH was sent back to XCarnival Lab.

Furthermore, many of them in the community pointed out the extensive loss that the platform incurred. However, a few others noted how getting back 50 percent of the stolen funds was better than getting back nothing.

A few others posed speculations about how XCarnival could still pursue the legal route against the hacker.

“I wonder how binding these agreements are. I’d assume carnival can still get law enforcement involved? Does an agreement on a public ledger even mean anything legally in these cases?”