The hacker who stole $1.59 million value of crypto property from Arbitrum-based decentralized finance (DeFi) lending platform Tender.fi has returned almost all of the funds, retaining roughly $97,000 as a bounty reward.
Tender.fi was exploited on the morning of March 7, with the mission’s official Twitter deal with confirming the incident in a tweet a couple of minutes later.
Tender.fi Exploited for $1.59 Million
In line with the tweet, Tender.fi disclosed that it had seen and was wanting into an “uncommon quantity” of loans. The platform additionally paused its lending service throughout the investigation.
On-chain information confirmed that the attacker exploited an oracle glitch. The bug allowed the hacker to borrow as much as $1.59 million in ether (ETH) tokens with a deposit of 1 GMX token value $71 as collateral.
After the exploit, the hacker left an on-chain message for Tender.fi, saying, “It appears like your oracle was misconfigured. contact me to type this out.” This exhibits that the exploiter is a white hat hacker.
A couple of hours later, Tender.fi disclosed that it had contacted the attacker to barter and talk about the phrases of a bounty settlement.
“The whitehat has made contact over debank and we’re presently in discussions on easy methods to treatment this case. We are going to replace you with extra info when we’ve got it,” the protocol stated.
Hacker Retains $97k as Bounty
Seven hours later, the protocol revealed that it had agreed with the hacker and the funds could be returned.
About an hour later, the hacker returned $1.49 million and stored $96,500 as a bounty. Each Tender.fi and blockchain safety agency PeckShield confirmed the transaction.
Translation: The White Hat will repay all loans minus 62.158670296 ETH, which will likely be stored as a Bounty for serving to safe the protocol. The https://t.co/H4ZMPLH9pz Staff will repay the Bounty s worth to the protocol, in order that there will likely be no dangerous debt and customers will stay… https://t.co/5bbmKu7zEe
— Tender.fi (@tender_fi) March 7, 2023