Hacker returns stolen funds to Tender.fi, gets $97K bounty reward

The hacker behind the exploit of the decentralized finance (DeFi) lending platform Tender.fi has returned the stolen funds in exchange for a reward of $97,000 in Ether (ETH).

The exploit was executed at 10:28 am UTC on March 7, with Tender.fi confirming the incident on Twitter shortly after, citing an “unusual number of loans” and adding all loans.

Blockchain data shows an exploiter used a price oracle error to borrow $1.59 million in assets from the protocol by depositing 1 GMX token, worth around $71.

“Looks like your oracle is misconfigured. contact me to resolve this,” the hacker wrote in an on-chain message.

The on-chain message sent to Tender.fi by the price oracle exploiter. Source: Arbiscan

Eight hours later, the DeFi protocol announced that it had reached an agreement with the “White Hat” exploiter, under which the hacker would repay all the loans minus a “bounty” of 62.16 ETH, about $97,000 at current prices.

Another hour later, Tender.fi confirmed on Twitter that the exploiter had finished repaying the loans.

“SaFu’s official fund, post mortem on the way,” it wrote.

In August last year, exploiters took part in a smart contract exploit of the cross-chain Nomad Bridge that drained $190 million in funds from the bridge in less than three hours.

Mere hours later, approximately $32.6 million worth of funds had been returned, suggesting that some of the exploiters may have been white hat hackers who extracted funds in order to return them safely later.

Later that month, the nonfungible token company Metagame even offered a “Whitehat Prize” in the form of NFTs to anyone who proves that they have recovered at least 90% of the funds stolen from the protocol.

Blockchain data from the Official Nomad Fund Recovery Address shows that funds have continued to return to the recovery address since then, with the most recent transaction recorded on February 18 for $7,868 in Covalent Query Token (CQT).