A Hacker Stole NFTs Worth $3,000 in ETH and Returned Half of It, Here's How

A Hacker Stole NFTs Worth $3,000 in ETH and Returned Half of It, Here's How

According to PeckShield Inc., the "Metaverse Asset Bank," Carnival, which had a smart contract exploit in a flurry of transactions that resulted in a hacker gaining access to about 3,000 ETH, developed a solution that lessened the harm to the platform and improved the hacker's reputation.

How did the breach occur?

Hackers were able to remove pledged NFTs and use them as collateral due to a bug in the platform's code. Later, the pool's assets were drained via the technique. The fundamental problem was that the contract lacked judgement by failing to verify if the borrower had withdrawn the pledged NFT.

The hacker received his money from the Tornado Cash coin mixing service as usual, ensuring his entire anonymity. Potentially, the exploiter could have discreetly cleaned stolen money and later transferred it into fiat in some other way good result.

Fortunately for platform users and the management team, the hacker promised to refund 50% of the money that was taken, but only on one condition: if the entire exploit tale was deemed a "bug bounty," he would be exempt from any further legal action.

He requested that the Carnival CEO offer the owner of the address with the prefix "B800a" a reward of 1,500 ETH in exchange for the money that had been taken. In essence, the platform gave the hacker a $1.8 million bug reward, which is thought to be extremely kind.

The number of exploits and hacks of various DeFi platforms and NFT collections has dramatically fallen since the beginning of the year, most likely as a result of the declining popularity of both sectors and the crash of the cryptocurrency market in May and June.