In a recent development, a hacker was able to drain almost $1.59 million from the DeFi lending platform Tender Fi. As a result of the exploit, Tender Fi immediately halted all borrowing with the intention of recouping all of its assets. The Web3-focused smart contract auditor CertiK and blockchain analyst Lookonchain witnessed funds being drained from the platform on March 7.
Tender Fi took to Twitter and confirmed the issue. The platform stated that it had launched an investigation into the increased number of borrows. Not long after the exploit, Tender Fi stated that the white hat hacker had tried to make contact with the platform. Through an on-chain message, the hacker stated,
“It looks like your oracle was misconfigured. contact me to sort this out.”
We are investigating an unusual amount of borrows that came through the protocol- in the meantime, we have paused all borrowing. Thank you for your patience.
— Tender.fi (@tender_fi) March 7, 2023
The contact eventually led to a series of discussions to recoup the assets snatched during the exploit.
The White Hat Hacker Gets a Bounty After Returning Stolen Funds to Tender Fi
Based on discussions held with the hacker, it was decided that all funds would be repaid in exchange for a bounty. The bounty offered via an on-chain message was almost $97k, or approximately 6% of the total exploit amount. The hacker returned all of these funds and took the bounty in the form of ETH.
Tender Fi announced on its Twitter account that the hacker would get to keep 62.15 ETH from the stolen funds. The hacker kept that amount as a bounty for helping Tender Fi secure the protocol. Furthermore, it was announced that the Tender Fi team would repay the entirety of the bounty's value to the protocol. The main aim of doing so was to eliminate the possibility of bad debt. Soon after, Tender Fi returned with another announcement stating that the exploiter had completed the repayments.
Translation: The White Hat will repay all loans minus 62.158670296 ETH, which will be kept as a Bounty for helping secure the protocol. The https://t.co/H4ZMPLH9pz Team will repay the Bounty's value to the protocol, so that there will be no bad debt and users will remain… https://t.co/5bbmKu7zEe
— Tender.fi (@tender_fi) March 7, 2023
Over time, white hat hackers have made a name for themselves as ethical hackers. They tend to take advantage of security flaws in protocols before returning the funds. DeFi protocols have been a prime target of numerous hackers over time. Seven different platforms lost a total of $21 million in February 2023 alone. Hackers also took advantage of an oracle exploit in January this year. As a result of that exploit, a total of $120 million was taken from BonqDAO.