skip to Main Content
bitcoin
Bitcoin (BTC) $ 94,206.24 1.68%
ethereum
Ethereum (ETH) $ 3,403.98 2.13%
tether
Tether (USDT) $ 0.998756 0.03%
xrp
XRP (XRP) $ 2.24 1.52%
bnb
BNB (BNB) $ 685.93 2.16%
solana
Solana (SOL) $ 191.95 4.35%
dogecoin
Dogecoin (DOGE) $ 0.32073 1.70%
usd-coin
USDC (USDC) $ 1.00 0.09%
staked-ether
Lido Staked Ether (STETH) $ 3,397.52 2.16%
cardano
Cardano (ADA) $ 0.900142 0.57%

How Someone Borrowed $1.6M With $70 Worth of Collateral: The Tender.Fi Exploit

The hacker who stole $1.59 million worth of crypto assets from Arbitrum-based decentralized finance (DeFi) lending platform Tender.fi has returned nearly all the funds, keeping roughly $97,000 as a bounty reward.

Tender.fi was exploited on the morning of March 7, with the project’s official Twitter handle confirming the incident in a tweet a few minutes later.

Tender.fi Exploited for $1.59 Million

According to the tweet, Tender.fi disclosed that it had noticed and was looking into an “unusual amount” of loans. The platform also paused its lending service during the investigation.

On-chain data showed that the attacker exploited an oracle glitch. The bug allowed the hacker to borrow up to $1.59 million in ether (ETH) tokens with a deposit of one GMX token worth $71 as collateral.

After the exploit, the hacker left an on-chain message for Tender.fi, saying, “It looks like your oracle was misconfigured. contact me to sort this out.” This shows that the exploiter is a white hat hacker.

A few hours later, Tender.fi disclosed that it had contacted the attacker to negotiate and discuss the terms of a bounty agreement.

“The whitehat has made contact over debank and we are currently in discussions on how to remedy this situation. We will update you with more information when we have it,” the protocol said.

Hacker Keeps $97k as Bounty

Seven hours later, the protocol revealed that it had agreed with the hacker and the funds would be returned.

About an hour later, the hacker returned $1.49 million and kept $96,500 as a bounty. Both Tender.fi and blockchain security firm PeckShield confirmed the transaction.

The post How Someone Borrowed $1.6M With $70 Worth of Collateral: The Tender.Fi Exploit appeared first on CryptoPotato.

Loading data ...
Comparison
View chart compare
View table compare
Back To Top