{"id":46347,"date":"2023-03-08T04:00:06","date_gmt":"2023-03-08T08:00:06","guid":{"rendered":"https:\/\/coinscreed.com\/staging\/?p=46347"},"modified":"2023-03-08T04:00:09","modified_gmt":"2023-03-08T08:00:09","slug":"tender-fi-hacker-returns-stolen-funds-gets-6-bounty-reward","status":"publish","type":"post","link":"https:\/\/coinscreed.com\/staging\/tender-fi-hacker-returns-stolen-funds-gets-6-bounty-reward\/","title":{"rendered":"Tender.fi hacker returns stolen funds, gets 6% bounty reward"},"content":{"rendered":"\n

Tender.fi decentralized lending platform <\/a>hacker has returned the exploit back to the platform in exchange for an Ether bounty of $97,000 which is approximately 6% of the initial stolen funds.<\/p>\n\n\n\n

\"Tender.fi
Tender.fi hacker returns stolen funds, gets 6% bounty reward<\/figcaption><\/figure>\n\n\n\n

On March 7, at 10:28 AM UTC, the exploit occurred. Shortly after, Tender.fi confirmed the event on Twitter, noting “an unusual quantity of borrows” and adding that it has suspended all borrowing.<\/p>\n\n\n\n

By depositing 1 GMX token<\/a>, which is worth about $71, the exploiter utilized a price oracle bug to borrow $1.59 million in assets from the protocol.<\/p>\n\n\n\n

“It appears that your oracle was improperly configured. Please get in touch with me to resolve this, the hacker stated in an on-chain post.<\/p>\n\n\n\n

\"\"
Message sent to Tender.fi from the price oracle exploiter. Source: Arbiscan<\/figcaption><\/figure>\n\n\n\n

The “White Hat” exploiter had reached an agreement with the DeFi protocol\r\n \r\n \r\n \r\n <\/g>\r\n \r\n \r\n \r\n <\/clipPath>\r\n <\/defs><\/svg><\/span><\/a> eight hours later, according to which the hacker would refund all debts less a 62.16 ETH “bounty,” which is currently worth about $97,000.<\/p>\n\n\n\n

\n

We have come to an agreement with the White Hat, an on chain transaction was sent with an attached message that contains the terms of this agreement. https:\/\/t.co\/9a5IsgID0Q<\/use><\/svg><\/span><\/a><\/p>— GLend (@GemachLend) March 7, 2023<\/use><\/svg><\/span><\/a><\/blockquote>

One more hour later, Tender.fi tweeted a confirmation that the exploiter had finished repaying the loan. It stated, “Funds are officially SaFu, post mortem on the way.<\/p>\n\n\n\n

Cross-chain Nomad Bridge issued a call to exploiters who took part in a smart contract exploit that took $190 million in money out of the bridge in less than three hours last August.<\/p>\n\n\n\n

Only hours later, $32.6 million worth of payments had already been returned, indicating that some of the exploiters may have been white hat hackers looking to steal money for a later, safe return.<\/p>\n\n\n\n

A “Whitehat Award” in the form of an NFT was even made available later in the month by the nonfungible token<\/a> company Metagame to anyone who could demonstrate that they had restored at least 90% of the money they had stolen from the protocol.<\/p>\n\n\n\n

\n

1\/ Our friends at @metagame<\/use><\/svg><\/span><\/a> created an earned NFT as a thank you to whitehats who returned funds from the Nomad Bridge Hack. Head over https:\/\/t.co\/TWwuJwnRXj<\/use><\/svg><\/span><\/a> to claim it! pic.twitter.com\/V87rkGhBEE<\/use><\/svg><\/span><\/a><\/p>— Nomad (\u292d\u26d3\ud83c\udfdb) (@nomadxyz_) August 23, 2022<\/use><\/svg><\/span><\/a><\/blockquote>

Since then, monies have continued to be sent to the recovery account, with the most recent transaction for $7,868 in Covalent Query Tokens being logged on February 18 according to blockchain data from the Official Nomad Funds Recovery Address (CQT).<\/p>\n","protected":false},"excerpt":{"rendered":"

Tender.fi decentralized lending platform hacker has returned the exploit back to the platform in exchange for an Ether bounty of $97,000 which is approximately 6% of the initial stolen funds. On March 7, at 10:28 AM UTC, the exploit occurred. Shortly after, Tender.fi confirmed the event on Twitter, noting “an unusual quantity of borrows” and […]<\/p>\n","protected":false},"author":12,"featured_media":46350,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[11476],"tags":[1514,2118,4451,13704,13705],"class_list":["post-46347","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-hacks-and-scams","tag-bounty","tag-hacker","tag-lending-platform","tag-tender-fi","tag-white-hat-hacker"],"jetpack_featured_media_url":"https:\/\/coinscreed.com\/staging\/wp-content\/uploads\/2023\/03\/image-20.png","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/posts\/46347","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/users\/12"}],"replies":[{"embeddable":true,"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/comments?post=46347"}],"version-history":[{"count":0,"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/posts\/46347\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/media\/46350"}],"wp:attachment":[{"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/media?parent=46347"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/categories?post=46347"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/tags?post=46347"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}