skip to Main Content
bitcoin
Bitcoin (BTC) $ 97,753.19 0.07%
ethereum
Ethereum (ETH) $ 3,360.71 1.01%
tether
Tether (USDT) $ 1.00 0.03%
solana
Solana (SOL) $ 253.17 0.60%
bnb
BNB (BNB) $ 660.07 1.16%
xrp
XRP (XRP) $ 1.43 2.72%
dogecoin
Dogecoin (DOGE) $ 0.428443 0.52%
usd-coin
USDC (USDC) $ 0.999708 0.01%
cardano
Cardano (ADA) $ 1.02 4.13%
staked-ether
Lido Staked Ether (STETH) $ 3,362.87 0.80%

Hacker returns stolen funds to Tender.fi, gets $97K bounty reward

The bounty, which was offered via an on-chain message, was about $97,000, or 6% of the exploit amount.

265 Total views

13 Total shares

Hacker returns stolen funds to Tender.fi, gets $97K bounty reward

Own this piece of history

Collect this article as an NFT

The hacker behind the exploit of the decentralized finance lending platform Tender.fi has returned the stolen funds for a $97,000 bounty reward in Ether (ETH). 

The exploit was executed at 10:28 am UTC on March 7, with Tender.fi confirming the incident on Twitter soon after, citing “an unusual amount of borrows” and adding it hapaused all borrowing.

Blockchain data showed the exploiter used a price oracle glitch to borrow $1.59 million worth of assets from the protocol by depositing 1 GMX token, valued at around $71.

“It looks like your oracle was misconfigured. contact me to sort this out,” the hacker wrote in an on-chain message.

Message sent to Tender.fi from the price oracle exploiter. Source: Arbiscan

Eight hours later, the DeFi protocol announced it had come to an agreement with the “White Hat” exploiter, in which the hacker would repay all loans minus a 62.16 ETH “bounty,” worth around $97,000 at current prices. 

Translation: The White Hat will repay all loans minus 62.158670296 ETH, which will be kept as a Bounty for helping secure the protocol. The https://t.co/H4ZMPLH9pz Team will repay the Bounty s value to the protocol, so that there will be no bad debt and users will remain… https://t.co/5bbmKu7zEe

— Tender.fi (@tender_fi) March 7, 2023

Another hour later, Tender.fi confirmed on Twitter that the exploiter had completed the loan repayments.

“Funds are officially SaFu, post mortem on the way,” it wrote. 

Related: DeFi lender Tender.fi suffers exploit, white hat hacker suspected

Last year in August, cross-chain Nomad Bridge appealed to exploiters that participated in a smart contract exploit that extracted $190 million in funds from the bridge in less than three hours.

Mere hours later, approximately $32.6 million worth of funds were already returned, suggesting some of the exploiters may have been white hat hackers attempting to extract funds for a later safe return.

Later in the month, nonfungible token firm Metagame even offered a “Whitehat Prize” in the form of an NFT for anyone who proved they had returned at least 90% of the funds they stole from the protocol.

1/ Our friends at @metagame created an earned NFT as a thank you to whitehats who returned funds from the Nomad Bridge Hack. Head over https://t.co/TWwuJwnRXj to claim it! pic.twitter.com/V87rkGhBEE

— Nomad (⤭⛓) (@nomadxyz_) August 23, 2022

Blockchain data from the Official Nomad Funds Recovery Address shows that funds continued to be returned to the recovery address since then, with the latest transaction recorded on Feb. 18 for $7,868 in Covalent Query Token (CQT).

Loading data ...
Comparison
View chart compare
View table compare
Back To Top