Tender.fi hacker returns stolen funds, gets bounty reward

Quick Take

  • A hacker responsible for a $1.59 million exploit on Tender.fi, an Arbitrum-based lending platform, has returned the funds.
  • Tender.fi team agreed to pay 62 ETH ($96,500) as a bounty reward to the hacker. 

In a surprising turn of events, a hacker responsible for a $1.59 million exploit on Tender.fi, an Arbitrum-based lending platform, has now returned funds, on-chain data show.

Earlier today, the hacker took advantage of a misconfigured data oracle that allowed them to borrow $1.59 million in crypto assets with just a single GMX token worth $70 as collateral, a costly error for the protocol. 

Security firms PeckShield and BlockSec were quick to investigate the matter and discovered that the unusual loan could happen by a misconfigured oracle used by Tender.fi, an Arbitrum-based lending platform.

THE SCOOP

Keep up with the latest news, trends, charts and views on crypto and DeFi with a new biweekly newsletter from The Block's Frank Chaparro

By signing-up you agree to our Terms of Service and Privacy Policy
By signing-up you agree to our Terms of Service and Privacy Policy

At 1:30 pm EST, the hacker began paying back the loans after the two parties agreed on a negotiated deal done via on-chain messages. The Tender.fi team had agreed to pay 62 ETH ($96,500) as a bounty reward to the hacker.

Tender.fi issued a statement regarding the return of the funds and promised a post-mortem report would be provided. "The hacker has completed the loan repayments. Funds are officially SaFu, post mortem on the way," it said.


© 2023 The Block. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.

About Author

Vishal Chawla is The Block’s crypto ecosystems editor and has spent over six years covering tech protocols, cybersecurity, artificial intelligence and cloud computing. Vishal likes to delve deep into blockchain intricacies to ensure readers are well-informed about the continuously evolving crypto landscape. He is also a staunch advocate for rigorous security practices in the space. Before joining The Block, Vishal held positions at IDG ComputerWorld, CIO, and Crypto Briefing. He can be reached on Twitter at @vishal4c and via email at [email protected]

Editor

To contact the editors of this story:
Madhu Unnikrishnan at
[email protected]
Christiana Loureiro at
[email protected]