An ethical hacker has exploited the decentralized finance (DeFi) lending platform Tender.fi. The stolen funds soon returned for a bounty reward of 6% of the exploit value.

In an interesting turn of events, the exploiter behind the lending platform Tender.fi hack has returned the exploited sum of $1.59 million. The stolen funds were returned to the platform in exchange for a reward or bounty.

Translation: The White Hat will repay all loans minus 62.158670296 ETH, which will be kept as a Bounty for helping secure the protocol. The https://t.co/H4ZMPLH9pz Team will repay the Bounty s value to the protocol, so that there will be no bad debt and users will remain… https://t.co/5bbmKu7zEe — Tender.fi (@tender_fi) March 7, 2023

Tender.fi confirmed on Twitter the exploiter had completed the loan repayments. The white hat hacker was awarded 62.16 ETH, or about $97,000. A bounty equivalent to 6% of the exploit amount.

Oracle Misconfiguration

Tender.fi allows users to borrow and lend cryptocurrency assets in a decentralized manner. However, due to the complex nature of these platforms, they can be vulnerable to various security risks, including misconfigured oracles.

On March 7, the said protocol underwent “an unusual amount of borrows,” following which the platform halted all the lending operations. A security analyst highlighted the situation on the social media platform wherein the hacker borrowed $1.59 million worth of assets from the protocol by depositing 1 GMX token, valued at $71 at the time of writing.

Due to the misconfigured oracle of https://t.co/Hw715UqCeV, a white hat "0x896d" borrowed ~$1.59M assets by depositing only 1 $GMX($71).

If you have deposited assets on https://t.co/Hw715UqCeV, please pay attention!https://t.co/XO3yQHwk3M pic.twitter.com/G96h2EC0Fm — Lookonchain (@lookonchain) March 7, 2023

“It looks like your oracle was misconfigured. Contact me to sort this out.”, wrote the hacker in an on-chain message.

Defi Hacks Continue to Spread Fear

Decentralized Finance or DeFi hacks have become more common recently, raising concerns about users’ funds’ safety and security. DeFi is a blockchain-based financial system that aims to provide an alternative to traditional finance.

In DeFi, users can access financial services such as lending, borrowing, trading, and investing in a decentralized manner without relying on intermediaries like banks or brokers.

While DeFi offers many benefits, such as increased accessibility, transparency, and autonomy, it is vulnerable to hacks and exploits. The decentralized nature of DeFi means that there is no central authority or institution to regulate or secure the system.

As a result, malicious actors can exploit vulnerabilities in smart contracts, decentralized applications, and other DeFi protocols to steal funds from users.

According to the DeFi data analytics platform DefiLlama, the total value hacked in DeFi amounted to more than $5 billion.

DeFi platforms suffered multiple attacks over the years | Source: DeFiLlama

In fact, DeFi protocols have been the target of hackers in early 2023, with seven different platforms losing over $21 million in February alone.

DeFi hacks can be devastating for users who lose their funds, and they can also damage the reputation of the entire DeFi ecosystem. To mitigate the risks of DeFi hacks, users and developers must take steps to improve the security of DeFi protocols.