An alleged ethical hacker has stolen $1.59 million from decentralized finance (DeFi) lending platform Tender.fi, prompting the service to suspend lending while it tries to recover its assets.
Web3-focused smart contract auditor CertiK and blockchain analyst Lookonchain detected a vulnerability on March 7 that led to the theft of funds from the DeFi lending protocol. Tender.fi confirmed the incident on Twitter, citing “an unusual number of loans” through the protocol:
We are investigating an unusual amount of borrowings that came through the protocol- in the meantime, we have paused all borrowing. Thank you for your patience.
— Tender.fi (@tender_fi) March 7, 2023
We are investigating an unusual number of loans that came through the protocol; meanwhile, we have stopped all lending. Thank you for your patience.
The latest update to the platform states that a white hat hacker has been contacted, and talks are underway to recover the assets stolen during the exploit. White hat hackers are also known as ethical hackers and often look for and exploit security flaws in different protocols before returning the funds.
The whitehat has made contact over debank and we are currently in discussions on how to remedy this situation. We will update you with more information when we have it.
— Tender.fi (@tender_fi) March 7, 2023
The white hat has been in contact via Debank and we are currently in discussions on how to remedy this situation. We will update you with more information when we have it.
Cointelegraph reached out to CertiK to clarify the situation, which noted that the exploiter left an on-chain message that was verified on the Arbitrum Blockchain Explorer:
lookonchain provided more details of the exploit, citing blockchain data showing that the white hat hacker borrowed $1.59 million worth of assets from the protocol by depositing 1 $GMX token which was valued at $71 at the time of writing this article.
Cointelegraph has contacted Tender.fi to find out more details about the exploit and whether the funds will be returned by the white hat hacker. DeFi protocols have been targeted by hackers in early 2023, with seven different platforms losing more than $21 million in February alone. Hackers also exploited an oracle vulnerability in January 2023, stealing more than $120 million worth of BonqDAO.
Clarification: The information and/or opinions expressed in this article do not necessarily represent the views or editorial line of Cointelegraph. The information presented here should not be taken as financial advice or investment recommendation. All investment and commercial movement involve risks and it is the responsibility of each person to do their due research before making an investment decision.
Investments in crypto assets are not regulated. They may not be suitable for retail investors and the entire amount invested may be lost. The services or products offered are not directed or accessible to investors in Spain.