DeFi lending platform Tender.fi skilled a hack on March 7 that wiped off $1.58 million well worth of cryptocurrency assets. However, in an sudden twist, the hacker, recognized as an moral or white hat hacker, returned the stolen money to Tender.fi in alternate for a reward or bounty.
Tender.fi verified the return of the stolen dollars on their Twitter account, pointing out that the hacker had completed the mortgage repayments and, in exchange, received a bounty of 62.16 ETH, well worth around $97,000, equal to 6% of the take advantage of value. The platform promised to furnish a autopsy file on the incident.
Tender.fi, like different DeFi platforms, allows users to borrow and lend crypto belongings in a decentralized environment besides the want for intermediaries such as banks or brokers. However, such systems can be vulnerable to safety risks, together with misconfigured oracles, making them objectives for malicious actors.
In the case of Tender.fi, the hacker took advantage of a misconfigured oracle and borrowed $1.58 million in assets from the protocol via depositing 1 GMX token. The hacker then contacted Tender.fi by means of an on-chain message, stating, “It appears like your oracle was misconfigured. Contact me to type this out.”
Recently, DeFi hacks have become more prevalent, raising issues about the security of person funds. While DeFi gives benefits like accelerated accessibility, transparency, and autonomy, it is also susceptible to hacks and exploits due to its decentralized nature, except any central authority or group to adjust or impervious the system.
However, the return of stolen dollars by using ethical hackers is not unprecedented in the DeFi space. In August remaining year, after a smart contract make the most that resulted in the extraction of $190 million from the cross-chain Nomad Bridge in much less than three hours, the bridge appealed to the exploiters to return the stolen funds.
Surprisingly, within hours of the appeal, about $32.6 million well worth of funds have been returned, indicating that some of the exploiters may additionally have been moral hackers attempting to extract funds for protected return at a later time.
Later that equal month, nonfungible token association Metagame even offered a “Whitehat Prize” as an NFT to humans who could prove that they had again at least 90% of the cash they stole from the protocol.
According to blockchain facts from the Official Nomad Funds Recovery Address, cash have endured to be returned to the recuperation address since the exploit, with the today's transaction recorded on Feb. 18 for $7,868 in Covalent Query Token (CQT).