White hat hacker returns funds to Tender.fi for $97k bounty

The hacker responsible for exploiting the decentralized finance lending platform Tender.fi has returned the stolen funds to the platform in exchange for a bounty reward of $97,000 in ether (ETH).

DeFi lending platform Tender.fi was hacked on March 7 and lost $1.58 million worth of cryptocurrency assets. In an unexpected twist, however, the hacker, identified as an ethical or white hat hacker, returned the stolen funds to Tender.fi in exchange for a reward or bounty.

Tender.fi confirmed the return of the stolen funds on their Twitter account, stating that the hacker had completed the loan repayments and, in exchange, received a bounty of 62.16 ETH, worth around $97,000, equivalent to 6% of the exploit value. The platform promised to provide a post-mortem report on the incident.

Tender.fi, like other DeFi platforms, enables users to borrow and lend crypto assets in a decentralized environment without the need for intermediaries such as banks or brokers. However, such platforms can be vulnerable to security risks, including misconfigured oracles, making them targets for malicious actors.

In the case of Tender.fi, the hacker took advantage of a misconfigured oracle and borrowed $1.58 million in assets from the protocol by depositing 1 GMX token. The hacker then contacted Tender.fi via an on-chain message, stating, “It looks like your oracle was misconfigured. Contact me to sort this out.”

Similar cases of returned funds in DeFi

Recently, DeFi hacks have become more prevalent, raising concerns about the safety of user funds. While DeFi offers benefits like increased accessibility, transparency, and autonomy, it is also vulnerable to hacks and exploits because it is decentralized, with no central authority or institution to regulate or secure the system.

However, the return of stolen funds by ethical hackers is not unprecedented in the DeFi space. In August last year, after a smart contract exploit that resulted in the extraction of $190 million from the cross-chain Nomad Bridge in less than three hours, the bridge appealed to the exploiters to return the stolen funds.

Surprisingly, within hours of the appeal, approximately $32.6 million worth of funds were returned, indicating that some of the exploiters may have been ethical hackers attempting to extract funds for safe return at a later time.

Later that same month, nonfungible token firm Metagame even offered a “Whitehat Prize” as an NFT to individuals who could prove that they had returned at least 90% of the funds they stole from the protocol.

According to blockchain data from the Official Nomad Funds Recovery Address, funds have continued to be returned to the recovery address since the exploit, with the latest transaction recorded on Feb. 18 for $7,868 in Covalent Query Token (CQT).
