How someone borrowed $1.6 million with $70 worth of collateral: The Tender.Fi exploit
The hacker who stole $1.59 million worth of crypto assets from Arbitrum-based DeFi lending platform Tender.fi has returned almost all of the funds and kept around $97,000 as a bounty.
Tender.fi was exploited on the morning of March 7, with the project's official Twitter handle confirming the incident in a tweet a few minutes later.
Tender.fi exploited for $1.59 million
According to the tweet, Tender.fi announced that it had noticed an “unusual amount” of loans and was investigating. The platform also paused its lending service during the investigation.
On-chain data showed that the attacker exploited an oracle flaw. The flaw allowed the hacker to borrow up to $1.59 million in Ether (ETH) tokens with a deposit of a GMX token worth $71 as collateral.
After the exploit, the hacker left an on-chain message for Tender.fi that said: "It looks like your oracle is misconfigured. Contact me to clarify." This shows that the exploiter is a white hat hacker.
A few hours later, Tender.fi announced that it had contacted the attacker to negotiate and discuss the terms of a bounty agreement.
"The whitehat has made contact through Debank and we are currently in discussions about how to resolve this situation. We will update you with further information as we have it," the announcement read.
Hacker keeps $97,000 as a reward
Seven hours later, the protocol revealed that it had reached an agreement with the hacker and that the funds would be returned.
About an hour later, the hacker returned $1.49 million and kept $96,500 as a bounty. Both Tender.fi and blockchain security company PeckShield confirmed the transaction.
The white hat will repay all loans minus 62.158670296 ETH, which will be retained as a bounty for securing the protocol. The https://t.co/H4ZMPLH9pz team will return the value of the bounty to the protocol so that there are no bad debts and users stay… https://t.co/5bbmKu7zEe
— Tender.fi (@tender_fi) March 7, 2023