Tender.fi

Hacker returns stolen funds to Tender.fi, gets $97K bounty reward

The bounty, which was offered via an on-chain message, was approximately $97,000, or approximately 6% of the exploit amount.

The hacker behind the exploit of the decentralized finance (DeFi) lending platform Tender.fi has returned the stolen funds for a $97,000 bounty reward in Ether (ETH). 

The exploit was executed at 10:28 am UTC on Mar. 7. Tender.fi confirmed the incident on Twitter soon after, citing “an unusual amount of borrows” and adding that it had paused all borrowing.

Blockchain data showed the exploiter used a price oracle glitch to borrow $1.59 million worth of assets from the protocol by depositing 1 GMX token, valued at around $71.

“It looks like your oracle was misconfigured. contact me to sort this out,” wrote the hacker in an on-chain message.

Message sent to Tender.fi from the price oracle exploiter. Source: Arbiscan

Eight hours later, the DeFi protocol announced it had come to an agreement with the “White Hat” exploiter, in which the hacker would repay all loans minus a 62.16 ETH “bounty,” worth around $97,000 at current prices. 

Another hour later, Tender.fi confirmed on Twitter that the exploiter had completed the loan repayments.

“Funds are officially SaFu, post mortem on the way,” it wrote. 

In August last year, the cross-chain Nomad Bridge appealed to exploiters who participated in a smart contract exploit that extracted $190 million in funds from the bridge in less than three hours.

Mere hours later, approximately $32.6 million worth of funds were already returned, suggesting some of the exploiters may have been white hat hackers attempting to extract funds for a later safe return.

Later in the month, nonfungible token (NFT) firm Metagame even offered a “Whitehat Prize” in the form of an NFT for anyone that proved they returned at least 90% of the funds they stole from the protocol.

Blockchain data from the Official Nomad Funds Recovery Address shows that funds have continued to be returned to the recovery address since then, with the latest transaction recorded on Feb. 18, 2023, for $7,868 in Covalent Query Token (CQT).

Crypto Sleuth Turns $71 Into $1,590,000 in an Instant on New Ethereum-Arbitrum DeFi Platform

A savvy crypto coder has transformed $71 into $1.59 million in an instant through a new Ethereum-Arbitrum lending platform. According to the on-chain analysis firm Lookonchain, an ethical white hat hacker discovered and leveraged a major vulnerability in the borrowing and lending protocol Tender.fi (TND). “Due to the misconfigured oracle of Tender.fi, a white hat […]

The post Crypto Sleuth Turns $71 Into $1,590,000 in an Instant on New Ethereum-Arbitrum DeFi Platform appeared first on The Daily Hodl.

DeFi lender Tender.fi suffers exploit, white hat hacker suspected

DeFi lending platform Tender.fi sees $1.59 million of assets drained by alleged white hat hacker taking advantage of a misconfigured oracle.

An alleged ethical hacker has drained $1.59 million from the decentralized finance (DeFi) lending platform Tender.fi, leading the service to halt borrowing while it attempts to recoup its assets.

Web3-focused smart contract auditor CertiK and blockchain analyst Lookonchain flagged an exploit that saw funds drained from the DeFi lending protocol on March 7. Tender.fi confirmed the incident on Twitter, citing “an unusual amount of borrows” through the protocol.

The latest update from the platform claims that a white hat hacker has made contact, and discussions are underway to recoup assets taken during the exploit. White hat hackers are also known as ethical hackers and typically look for and take advantage of security flaws in different protocols before returning funds.

Cointelegraph reached out to CertiK to unpack the situation. The firm highlighted that the exploiter left an on-chain message, which has been verified on the Arbitrum Blockchain Explorer:

The input data reads: “It looks like your oracle was misconfigured. contact me to sort this out.”

Lookonchain provided further details of the exploit, citing blockchain data showing that the white hat hacker borrowed $1.59 million worth of assets from the protocol by depositing 1 $GMX token, which was valued at $71 at the time of writing.

Cointelegraph has reached out to Tender.fi to ascertain further details of the exploit and whether funds will be returned by the white hat hacker. DeFi protocols have been the target of hackers in early 2023, with seven different platforms losing over $21 million in February alone. Hackers also took advantage of an oracle exploit in Jan. 2023, seeing over $120 million stolen from BonqDAO. 
