A white hat hacker drains $1.59 million from DeFi lending protocol Tender.fi after misconfigured oracle exploit.
Own this piece of history
An alleged ethical hacker has drained $1.59 million from the decentralized finance (DeFi) lending platform Tender.fi, leading the service to halt borrowing while it attempts to recoup its assets.
Web3-focused smart contract auditor CertiK and blockchain analyst Lookonchain flagged an exploit that saw funds drained from the DeFi lending protocol on March 7. Tender.fi confirmed the incident on Twitter, citing ‘an unusual amount of borrows’ through the protocol:
We are investigating an unusual amount of borrows that came through the protocol- in the meantime, we have paused all borrowing. Thank you for your patience.
The latest update from the platform claims that a white hat hacker has made contact, and discussions are underway to recoup assets taken during the exploit. White hat hackers are also known as ethical hackers and typically look for and take advantage of security flaws in different protocols before returning funds.
The whitehat has made contact over debank and we are currently in discussions on how to remedy this situation. We will update you with more information when we have it.
Cointelegraph reached out to CertiK to unpack the situation, which highlighted that the exploiter left an on-chain message which has been verified on the Arbitrum Blockchain Explorer:
Lookonchain provided further details of the exploit, citing blockchain data that shows that the white hat hacker borrowed $1.59 million worth of assets from the protocol by depositing 1 $GMX token which was valued at $71 at the time of writing.
Cointelegraph has reached out to Tender.fi to ascertain further details of the exploit and whether funds will be returned by the white hat hacker. DeFi protocols have been the target of hackers in early 2023, with seven different platforms losing over $21 million in February alone. Hackers also took advantage of an oracle exploit in Jan. 2023, seeing over $120 million stolen from BonqDAO.
Disclaimer:
The views in this article only represent the author's personal views, and do not constitute investment advice on this platform. This platform does not guarantee the accuracy, completeness and timeliness of the information in the article, and will not be liable for any loss caused by the use of or reliance on the information in the article.
North Korean Malware Targets macOS Users by Evading Apple Notarization
Thune helped cosponsor a crypto bill in 2022 called the Digital Commodities Consumer Protection Act
DeltaPrime Protocol Attacked on Arbitrum and Avalanche, Resulting in $4.8 Million Loss
Polymarket Founder Raided by FBI After Trump Win, Company Says
0.00