An ethical hacker has exploited the decentralized finance (DeFi) lending platform Tender.fi. The stolen funds soon returned for a bounty reward of 6% of the exploit value.
In an interesting turn of events, the exploiter behind the lending platform Tender.fi hack has returned the exploited sum of $1.59 million. The stolen funds were returned to the platform in exchange for a reward or bounty.
Tender.fi confirmed on Twitter the exploiter had completed the loan repayments. The white hat hacker was awarded 62.16 ETH, or about $97,000. A bounty equivalent to 6% of the exploit amount.
Oracle Misconfiguration
Tender.fi allows users to borrow and lend cryptocurrency assets in a decentralized manner. However, due to the complex nature of these platforms, they can be vulnerable to various security risks, including misconfigured oracles.
On March 7, the said protocol underwent “an unusual amount of borrows,” following which the platform halted all the lending operations. A security analyst highlighted the situation on the social media platform wherein the hacker borrowed $1.59 million worth of assets from the protocol by depositing 1 GMX token, valued at $71 at the time of writing.
“It looks like your oracle was misconfigured. Contact me to sort this out.”, wrote the hacker in an on-chain message.
Defi Hacks Continue to Spread Fear
Decentralized Finance or DeFi hacks have become more common recently, raising concerns about users’ funds’ safety and security. DeFi is a blockchain-based financial system that aims to provide an alternative to traditional finance.
In DeFi, users can access financial services such as lending, borrowing, trading, and investing in a decentralized manner without relying on intermediaries like banks or brokers.
While DeFi offers many benefits, such as increased accessibility, transparency, and autonomy, it is vulnerable to hacks and exploits. The decentralized nature of DeFi means that there is no central authority or institution to regulate or secure the system.
As a result, malicious actors can exploit vulnerabilities in smart contracts, decentralized applications, and other DeFi protocols to steal funds from users.
According to the DeFi data analytics platform DefiLlama, the total value hacked in DeFi amounted to more than $5 billion.
In fact, DeFi protocols have been the target of hackers in early 2023, with seven different platforms losing over $21 million in February alone.
DeFi hacks can be devastating for users who lose their funds, and they can also damage the reputation of the entire DeFi ecosystem. To mitigate the risks of DeFi hacks, users and developers must take steps to improve the security of DeFi protocols.
Disclaimer
BeInCrypto has reached out to company or individual involved in the story to get an official statement about the recent developments, but it has yet to hear back.
