Tender.fi exploit: Hacker returns stolen funds, gets $97K Ether bounty reward

Key Takeaways

• The agreement involved the “White Hat” exploiter, repaying all loans minus a 62.16 ETH “bounty,” worth $97,000. 
• As per the latest update,hacker had completed the loan repayments.

The hacker responsible for the $1.59 million exploit of the decentralized finance (DeFi) lending platform Tender.fi has agreed to return funds for a $97,000 bounty reward in Ether. 

The exploit, which happened a day back, was confirmed by Tender.fi on Twitter, citing “an unusual amount of borrows” through the protocol. Hours after the hack, Tender.Fi took to Twitter to announce that it had reached an agreement with the hacker. The agreement involved the “White Hat” exploiter, repaying all loans minus a 62.16 ETH “bounty,” worth around $97,000 at current prices. 

We have come to an agreement with the White Hat, an on chain transaction was sent with an attached message that contains the terms of this agreement. https://t.co/9a5IsgID0Q

— Tender.fi (@tender_fi) March 7, 2023

“The White Hat will repay all loans minus 62.158670296 ETH, which will be kept as a Bounty for helping secure the protocol. The Tender.fi Team will repay the Bounty s value to the protocol, so that there will be no bad debt and users will remain unaffected”, Tender.fi’s official tweet reads.

According to the latest update from the Defi platform, the hacker had completed the loan repayments. As per on-chain data, on March 7, the white hat hacker had exploited $1.59 million worth of assets from the protocol by depositing 1 GMX token, valued at $71 at the time of writing.

Defi protocol exploits like that of Tender.fi’s are becoming more common with each passing day. As per data analytics platform DefiLlama, 7 Defi protocol exploits in February 2023 alone caused the defi space to lose at least $21 million in crypto.

Earlier this year, decentralized exchange Orion Protocol suffered a loss of approximately $3 million through a reentrancy attack, where attackers used a malicious smart contract to drain funds from a target with repeated withdrawal orders.

Last month, DeFi protocol Platypus Finance also suffered a flash loan attack resulting in $8.5 million being drained from the protocol. Multichain exchange aggregator Dexible was also a victim of an exploit this year, causing almost $2 Million in losses.