An ethical hacker has abused the decentralized finance (DeFi) lending platform Tender.fi. The stolen funds soon returned for a bounty award of 6% of the exploit value.
In an interesting turn of events, the exploiter behind the Tender.fi hack lending platform has returned the exploited amount of $1.59 million. The stolen money was returned to the platform in exchange for a reward or bounty.
Tender.fi confirmed on Twitter, the exploiter had paid off the loan. The white hat hacker got 62.16 ETH, or about $97,000. A bounty equal to 6% of the exploit amount.
Tender.fi allows users to borrow and lend cryptocurrency assets in a decentralized manner. However, due to the complex nature of these platforms, they can be vulnerable to various security risks, including misconfigured oracles.
The said protocol will come into effect on 7 March undergo “an unusual number of loans”, after which the platform stopped all lending operations. A security analyst highlighted the situation on the social media platform where the hacker borrowed $1.59 million in assets from the protocol by depositing 1 GMX token, worth $71 at the time of writing.
“It looks like your oracle is misconfigured. Please contact me to find out,” the hacker wrote in an on-chain message.
Defi hacks continue to spread fear
Decentralized Finance or DeFi hacks have become more common recently, raising concerns about the safety and security of users’ funds. DeFi is a blockchain-based financial system that aims to provide an alternative to traditional finance.
In DeFi, users can access financial services such as lending, borrowing, trading, and investing in a decentralized manner without relying on intermediaries such as banks or brokers.
While DeFi offers many benefits such as improved accessibility, transparency, and autonomy, it is vulnerable to hacks and exploits. The decentralized nature of DeFi means there is no central authority or institution to regulate or secure the system.
As a result, malicious actors can exploit vulnerabilities in smart contracts, decentralized applications, and other DeFi protocols to steal funds from users.
According to the DeFi data analytics platform DefiLlama, the total value hacked into DeFi exceeded $5 billion.
In fact, DeFi protocols were targeted by hackers in early 2023, with seven different platforms losing more than $21 million in February alone.
DeFi hacks can be devastating to users who lose their money, and they can also damage the reputation of the entire DeFi ecosystem. To mitigate the risks of DeFi hacks, users and developers must take steps to improve the security of DeFi protocols.
BeInCrypto has reached out to the company or individual involved in the story to get an official statement on recent developments, but it has not yet heard back.