An alleged moral hacker has drained $1.59 million from the decentralized finance (DeFi) lending platform Tender.fi, main the service to halt borrowing whereas it makes an attempt to recoup its belongings.
Web3-focused sensible contract auditor CertiK, and blockchain analyst Lookonchain, flagged an exploit that noticed funds drained from the DeFi lending protocol on March 7. Tender.fi confirmed the incident on Twitter, citing “an uncommon quantity of borrows” via the protocol:
We’re investigating an uncommon quantity of borrows that got here via the protocol- within the meantime, we now have paused all borrowing. Thanks on your persistence.
— Tender.fi (@tender_fi) March 7, 2023
The newest replace from the platform claims {that a} white hat hacker has made contact, and discussions are underway to recoup belongings taken throughout the exploit. White hat hackers are often known as moral hackers and usually search for and make the most of safety flaws in numerous protocols earlier than returning funds.
The whitehat has made contact over debank and we’re presently in discussions on the best way to treatment this case. We’ll replace you with extra info when we now have it.
— Tender.fi (@tender_fi) March 7, 2023
Cointelegraph reached out to CertiK to unpack the state of affairs, which highlighted that the exploiter left an on-chain message which has been verified on the Arbitrum Blockchain Explorer:
The enter knowledge reads: “It appears to be like like your oracle was misconfigured. contact me to kind this out.”
Lookonchain offered additional particulars of the exploit, citing blockchain knowledge displaying that the white hat hacker borrowed $1.59 million value of belongings from the protocol by depositing 1 GMX token, valued at $71 on the time of writing.
Associated: $700,000 drained from BNB Chain-based DeFi protocol LaunchZone
Cointelegraph has reached out to Tender.fi to determine additional particulars of the exploit and whether or not funds will probably be returned by the white hat hacker. DeFi protocols have been the goal of hackers in early 2023, with seven completely different platforms shedding over $21 million in February alone. Hackers additionally took benefit of an oracle exploit in Jan. 2023, seeing over $120 million stolen from BonqDAO.
https://cointelegraph.com/information/defi-lender-tender-fi-suffers-exploit-white-hat-hacker-suspected