man wearing red hoodie standing near gray wall during daytime photo

Ethereum Lending Protocol XCarnival Hit With $3.8M Exploit, Recovers 50%

  • In a bid to solve the issue amicably, XCarnival has promised to exempt the hacker from any legal action.

An Ethereum-based lending aggregator protocol Xcarnival has recovered 50 percent of the $3.8million funds lost in recent exploitation on its network. According to reports, the exploiter took advantage of the vulnerable smart contract in the network which usually paves way for the usage of pledged assets as collateral.

The hacker reportedly made use of a Bored Ape Yacht Club non-fungible token to perpetuate the exploitation.

The protocol confirmed the development on Monday, stressing that the exploitation took place on Sunday. According to onchain data, the hacker reportedly made away with 3,087 Ethereum.

Xcarnival And Recent Crypto Scams 

The Xcarnival protocol has offered a  bounty program of about 1500 ETH on the hacker. Perhaps a means to regain tarnished trust with the community.

For clarity purposes, the firm provided the hacker’s address as: 


In a bid to solve the issue amicably, XCarnival promised to exempt the hacker from legal action.

As of Press time, the protocol has discontinued its smart contract services, with all forms of deposits, and borrowing operations halted. 

According to data provided by Etherscan, the proposed 1500ETH bounty reward by the Xcarnival team has been accepted by the hacker.  This development was discovered following a transfer by the return of 1,467ETH to the Xcarnival address.

Notably, Xcarnival has a total value locked (TVL) of  2992.05 ETH for borrows and 3014.69 ETH for supply. Its native token XCV has fallen by 8.46 percent in the last 24 hours, according to CoinGecko. 

The crypto market is undergoing a critical phase that has seen huge transformations. System hacks have become more frequent in recent months.

For instance, Harmony’s Horizon bridge reported a security breach on its network about a week ago. This led to the pilfering of about $100 million worth of Bitcoin and Ethereum, USD coin, and Dai. 

As of press time,  the Harmony team is still working with cyber experts to recover the pilfered funds.  The Proof of Stake blockchain also placed a $1 million bounty for the return of the funds, promising not to press charges should the money be returned. 

Ever since the exploitation erupted, the CEO of Harmony Protocol, Stephen Tse has been actively updating the community on the situation as well as sharing details about the hack.

In early June, Osmosis’s liquidity pool was also hacked, with about $5 million stolen. Although the protocol has recovered $2 million of the stolen funds after an investigation into the source of the exploitation began. Funds were extricated from two members of FireStack, one of the enormous validators of Osmosis.

Rebecca Davidson Verified

Rebecca is a Senior Staff Writer at BitcoinWisdom, working hard to bring you the latest breaking news in the cryptocurrency market. In the words of Elon Musk “Buy stock in several companies that make products & services that *you* believe in. Only sell if you think their products & services are trending worse. Don’t panic when the market does. This will serve you well in the long-term.”

Latest News