An ethical hacker has abused the decentralized finance (DeFi) lending platform Tender.fi. The stolen funds soon returned for a bounty award of 6% of the exploit value.
In an interesting turn of events, the exploiter behind the Tender.fi hack lending platform has returned the exploited amount of $1.59 million. The stolen money was returned to the platform in exchange for a reward or bounty.
Translation: The White Hat will repay all loans minus 62.158670296 ETH, which will be kept as a Bounty for helping secure the protocol. The https://t.co/H4ZMPLH9pz team will return the value of the Bounty back to the protocol so that there are no bad debts and users remain… https://t.co/5bbmKu7zEe
β Tender.fi (@tender_fi) March 7, 2023
Tender.fi confirmed on Twitter, the exploiter had paid off the loan. The white hat hacker got 62.16 ETH, or about $97,000. A bounty equal to 6% of the exploit amount.
Oracle Misconfiguration
Tender.fi allows users to borrow and lend cryptocurrency assets in a decentralized manner. However, due to the complex nature of these platforms, they can be vulnerable to various security risks, including misconfigured oracles.
The said protocol will come into effect on 7 March undergo “an unusual number of loans”, after which the platform stopped all lending operations. A security analyst highlighted the situation on the social media platform where the hacker borrowed $1.59 million in assets from the protocol by depositing 1 GMX token, worth $71 at the time of writing.
βIt looks like your oracle is misconfigured. Please contact me to find out,β the hacker wrote in an on-chain message.
Defi hacks continue to spread fear
Decentralized Finance or DeFi hacks have become more common recently, raising concerns about the safety and security of users’ funds. DeFi is a blockchain-based financial system that aims to provide an alternative to traditional finance.
In DeFi, users can access financial services such as lending, borrowing, trading, and investing in a decentralized manner without relying on intermediaries such as banks or brokers.
While DeFi offers many benefits such as improved accessibility, transparency, and autonomy, it is vulnerable to hacks and exploits. The decentralized nature of DeFi means there is no central authority or institution to regulate or secure the system.
As a result, malicious actors can exploit vulnerabilities in smart contracts, decentralized applications, and other DeFi protocols to steal funds from users.
According to the DeFi data analytics platform DefiLlama, the total value hacked into DeFi exceeded $5 billion.
In fact, DeFi protocols were targeted by hackers in early 2023, with seven different platforms losing more than $21 million in February alone.
DeFi hacks can be devastating to users who lose their money, and they can also damage the reputation of the entire DeFi ecosystem. To mitigate the risks of DeFi hacks, users and developers must take steps to improve the security of DeFi protocols.
Sponsored
Sponsored
disclaimer
BeInCrypto has reached out to the company or individual involved in the story to get an official statement on recent developments, but it has not yet heard back.