Hacker returns stolen funds to Tender.fi, gets $97K bounty reward

2 years ago

The bounty, which was offered via an on-chain message, was about $97,000, or about 6% of the exploit amount.

The hacker behind the exploit of the decentralized finance (DeFi) lending platform Tender.fi has returned the stolen funds for a $97,000 bounty reward in Ether (ETH).

The exploit was executed at 10:28 am UTC on Mar. 7, with Tender.fi confirming the incident on Twitter soon after, citing “an unusual amount of borrows,” and adding it has paused all borrowing.

Blockchain data showed the exploiter used a price oracle glitch to get $1.59 million worth of assets from the protocol by depositing 1 GMX token, valued at about $71.

“It looks like your oracle was misconfigured. contact me to sort this out,” wrote the hacker in an on-chain message.

Message sent to Tender.fi from the price oracle exploiter. Source: Arbiscan

Eight hours later, the DeFi protocol announced it had come to an agreement with the “White Hat” exploiter, in which the hacker would repay all loans minus a 62.16 ETH “bounty,” worth about $97,000 at current prices.

Translation: The White Hat will repay all loans minus 62.158670296 ETH, which will be kept as a Bounty for helping secure the protocol. The https://t.co/H4ZMPLH9pz Team will repay the Bounty's worth to the protocol, so that there will be no bad debt and users will remain… https://t.co/5bbmKu7zEe

— Tender.fi (@tender_fi) March 7, 2023

Another hour later, Tender.fi confirmed on Twitter that the exploiter had completed the loan repayments.

“Funds are officially SaFu, post mortem on the way,” it wrote.

Last year in August, cross-chain Nomad Bridge appealed to exploiters that participated in a smart contract exploit that extracted $190 million in funds from the bridge in less than 3 hours.

Mere hours later, about $32.6 million worth of funds were already returned, suggesting some of the exploiters may have been white hat hackers attempting to extract funds for a later safe return.

Later in the month, nonfungible token (NFT) firm Metagame even offered a “Whitehat Prize” in the form of an NFT for anyone that proved they returned at least 90% of the funds they stole from the protocol.

1/ Our friends at @metagame created an earned NFT as a thank you to whitehats who returned funds from the Nomad Bridge Hack. Head over https://t.co/TWwuJwnRXj to claim it! pic.twitter.com/V87rkGhBEE

— Nomad (⤭⛓) (@nomadxyz_) August 23, 2022

Blockchain data from the Official Nomad Funds Recovery Address shows that funds continued to be returned to the recovery address since then, with the latest transaction recorded on Feb. 18, 2023, for $7,868 in Covalent Query Token (CQT).