This story is up to date with new info to replicate the truth that the white hacker has since returned the funds to Tender.fi.
An moral hacker has drained $1.59 million from the decentralized finance (DeFi) lending platform Tender.fi, main the service to halt borrowing whereas it makes an attempt to recoup its property.
Web3-focused good contract auditor CertiK, and blockchain analyst Lookonchain, flagged an exploit that noticed funds drained from the DeFi lending protocol on March 7. Tender.fi confirmed the incident on Twitter, citing “an uncommon quantity of borrows” by means of the protocol:
We’re investigating an uncommon quantity of borrows that got here by means of the protocol- within the meantime, we now have paused all borrowing. Thanks on your persistence.
— Tender.fi (@tender_fi) March 7, 2023
A white hat hacker that carried out the exploit made contact with Tender.fi within the hours after the incident to open discussions about returning funds that have been siphoned by means of the exploit. White hat hackers are often known as moral hackers and sometimes search for and benefit from safety flaws in several protocols earlier than returning funds.
The whitehat has made contact over debank and we’re at the moment in discussions on methods to treatment this example. We’ll replace you with extra info when we now have it.
— Tender.fi (@tender_fi) March 7, 2023
Cointelegraph reached out to CertiK to unpack the scenario, which highlighted that the exploiter left an on-chain message which has been verified on the Arbitrum Blockchain Explorer:
Lookonchain provided additional particulars of the exploit, citing blockchain information exhibiting that the white hat hacker borrowed $1.59 million price of property from the protocol by depositing 1 GMX token, valued at $71 on the time of writing.
Related: $700,000 drained from BNB Chain-based DeFi protocol LaunchZone
Tender.fi has since confirmed that the white hat hacker has returned the funds that have been siphoned from the protocol within the exploit, getting a $97,000 bounty reward.
DeFi protocols have been the target of hackers in early 2023, with seven completely different platforms shedding over $21 million in February alone. Hackers additionally took advantage of an oracle exploit in Jan. 2023, seeing over $120 million stolen from BonqDAO.
