The hacker who compromised the decentralized finance lending platform Tender.fi has returned the stolen assets in exchange for a $97,000 Ether bounty. The exploit was carried out at 10:28 UTC on March 7. Tender.fi confirmed the problem shortly thereafter through Twitter, reporting “an unusual amount of borrows” and noting that it has halted all borrowing.
Analysis of blockchain data revealed that the individual responsible for the exploit leveraged a price oracle glitch. This allowed them to deposit only 1 GMX token, valued at approximately $71, and borrow assets worth $1.59 million from the protocol.
In an on-chain message, the hacker wrote that it appeared the oracle was misconfigured and instructed the recipient to contact them in order to resolve the issue.
Eight hours later, the DeFi protocol claimed that it had reached an agreement with the “White Hat” exploiter, whereby the hacker would refund all loans minus a “bounty” of 62.16 ETH, worth around $97,000 at the time of writing.
One more hour later, Tender.fi tweeted a confirmation that the exploiter had finished repaying the loan.
In August of the previous year, Nomad Bridge, which operates across different blockchains, made a plea to those responsible for a smart contract exploit. This exploit led to the extraction of approximately $190 million from the bridge in under three hours.
Within a few hours, around $32.6 million worth of funds had been returned, indicating that some of the individuals behind the exploit may have been white hat hackers attempting to retrieve the funds and return them safely at a later time.
Towards the end of that month, Metagame, a nonfungible token firm, introduced a “Whitehat Prize” in the form of an NFT. This prize was offered to individuals who could demonstrate that they had returned at least 90% of the funds that were taken from the protocol during the exploit.
According to blockchain data obtained from the Official Nomad Funds Recovery Address, funds have been consistently returned to the recovery address since the incident. As of February 18, the latest recorded transaction was for $7,868 in Covalent Query Token (CQT).