Tender.fi hacker returns stolen funds, gets bounty reward
TL;DR A hacker recently exploited a misconfigured data oracle on Tender.fi, an Arbitrum-based lending platform, to borrow $1.59 million in crypto assets with just a single GMX token worth $70 as collateral. After agreeing to pay a bounty reward of 62 ETH ($96,500), the hacker returned the funds. Tender.fi has promised a post-mortem report on the incident.
In a surprising turn of events, a hacker responsible for a $1.59 million exploit on Tender.fi, an Arbitrum-based lending platform, has now returned funds, on-chain data show.
Earlier today, the hacker took advantage of a misconfigured data oracle that allowed them to borrow $1.59 million in crypto assets with just a single GMX token worth $70 as collateral, a costly error for the protocol.
Security firms PeckShield and BlockSec were quick to investigate the matter and discovered that the unusual loan could happen by a misconfigured oracle used by Tender.fi, an Arbitrum-based lending platform.
At 1:30 pm EST, the hacker began paying back the loans after the two parties agreed on a negotiated deal done via on-chain messages. The Tender.fi team had agreed to pay 62 ETH ($96,500) as a bounty reward to the hacker.