25. May 2024

Hacker Returns Stolen Funds for $97K Bounty Reward

• The hacker successfully exploited the decentralized finance lending platform Tender.fi, stealing $1.59 million worth of assets.
• The hacker agreed to repay all loans minus a 62.16 ETH bounty reward, worth around $97,000 at current prices.
• Tender.fi confirmed the hacker had completed loan repayments and that funds were “SaFu” (safe).

Exploit of DeFi Lending Platform Tender.fi

On March 7th at 10:28am UTC, a hacker successfully exploited the decentralized finance lending platform Tender.fi, stealing $1.59 million worth of assets by depositing 1 GMX token valued at around $71.

Hacker Returns Stolen Funds for Bounty Reward

Tender.fi offered an on-chain message with a bounty reward of $97,000 (6% of the exploit amount) in Ether ETH if the hacker returned the stolen funds – to which they agreed and repaid all loans minus a 62.16 ETH “bounty” – worth around $97,000 at current prices.

Funds Declared SaFu

Eight hours later, Tender.fi announced it had come to an agreement with the “White Hat” exploiter and one hour after that it confirmed on Twitter that the exploiter had completed loan repayments and declared funds “SaFu”.

DeFi Security Best Practices

As this incident highlights, developers must take extra precautions when configuring smart contracts oracles in order to prevent exploits like this from happening in the future – as well as ensure users are protected against any potential losses if similar events do take place again in Web3 protocols such as DeFi platforms and exchanges..

Conclusion
This exploit serves as yet another reminder that security should be taken seriously within decentralized finance protocols – both in terms of code audits and user education on best practices when utilizing these platforms for their financial needs