DeFi lender Tender.fi suffers exploit, white hat hacker suspected

An alleged ethical hacker has drained $1.59 cardinal from the decentralized concern (DeFi) lending level Tender.fi, starring the work to halt borrowing portion it attempts to recoup its assets.

Web3-focused astute declaration auditor CertiK and blockchain expert Lookonchain flagged an exploit that saw funds drained from the DeFi lending protocol connected March 7. Tender.fi confirmed the incidental connected Twitter, citing ‘an antithetic magnitude of borrows’ done the protocol:

We are investigating an antithetic magnitude of borrows that came done the protocol- successful the meantime, we person paused each borrowing. Thank you for your patience.

The latest update from the level claims that a achromatic chapeau hacker has made contact, and discussions are underway to recoup assets taken during the exploit. White chapeau hackers are besides known arsenic ethical hackers and typically look for and instrumentality vantage of information flaws successful antithetic protocols earlier returning funds.

The whitehat has made interaction implicit debank and we are presently successful discussions connected however to remedy this situation. We volition update you with much accusation erstwhile we person it.

Cointelegraph reached retired to CertiK to unpack the situation, which highlighted that the exploiter near an on-chain connection which has been verified connected the Arbitrum Blockchain Explorer:

The input information reads: “It looks similar your oracle was misconfigured. interaction maine to benignant this out.”

Lookonchain provided further details of the exploit, citing blockchain information that shows that the achromatic chapeau hacker borrowed $1.59 cardinal worthy of assets from the protocol by depositing 1 $GMX token which was valued astatine $71 astatine the clip of writing.

Related: $700,000 drained from BNB Chain-based DeFi protocol LaunchZone

Cointelegraph has reached retired to Tender.fi to ascertain further details of the exploit and whether funds volition beryllium returned by the achromatic chapeau hacker. DeFi protocols person been the people of hackers successful aboriginal 2023, with 7 antithetic platforms losing implicit $21 cardinal successful February alone. Hackers also took advantage of an oracle exploit successful Jan. 2023, seeing implicit $120 cardinal stolen from BonqDAO.