{"id":75204,"date":"2023-03-08T13:30:40","date_gmt":"2023-03-08T11:30:40","guid":{"rendered":"https:\/\/forklog.com\/en\/?p=75204"},"modified":"2025-09-10T10:19:41","modified_gmt":"2025-09-10T07:19:41","slug":"hacker-returns-tender-fi-assets-worth-1-59-million-to-the-platform-for-a-bounty","status":"publish","type":"post","link":"https:\/\/forklog.com\/en\/hacker-returns-tender-fi-assets-worth-1-59-million-to-the-platform-for-a-bounty\/","title":{"rendered":"Hacker returns Tender.fi assets worth $1.59 million to the platform for a bounty"},"content":{"rendered":"<p>The hacker who breached the Arbitrum-based DeFi protocol Tender.fi returned the withdrawn assets in exchange for a bounty of 62.16 ETH (~$96,534).<\/p>\n<blockquote class=\\\"twitter-tweet\\\" data-lang=\\\"en\\\">\n<p lang=\\\"en\\\" dir=\\\"ltr\\\">Translation: The White Hat will repay all loans minus 62.158670296 ETH, which will be kept as a Bounty for helping secure the protocol. The <a href=\\\"https:\/\/t.co\/H4ZMPLH9pz\\\">https:\/\/t.co\/H4ZMPLH9pz<\/a> Team will repay the Bounty's value to the protocol, so that there will be no bad debt and users will remain\u2026 <a href=\\\"https:\/\/t.co\/5bbmKu7zEe\\\">https:\/\/t.co\/5bbmKu7zEe<\/a><\/p>\n<p>\u2014 Tender.fi (@tender_fi) <a href=\\\"https:\/\/twitter.com\/tender_fi\/status\/1633170576423661581?ref_src=twsrc%5Etfw\\\">March 7, 2023<\/a><\/p><\/blockquote>\n<p> <script async src=\\\"https:\/\/platform.twitter.com\/widgets.js\\\" charset=\\\"utf-8\\\"><\/script>\\n\\n<\/p>\n<p>The exploit occurred on March 7. The attacker exploited a misconfiguration in the <a href=\"https:\/\/forklog.com\/en\/news\/what-is-a-blockchain-oracle\">price oracle<\/a>. 
As a result, he borrowed $1.59 million in cryptocurrency on the platform, collateralized by a single GMX token worth about $71.<\/p>\n<p>\\n\\n<\/p>\n<p>The hacker himself reached out to the team, sending a message in a transaction:<\/p>\n<p>\\n\\n<\/p>\n<blockquote class=\\\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\\\">\n<p>\u201cIt seems your oracle was misconfigured. Contact me to work it out.\u201d<\/p>\n<\/blockquote>\n<p>\\n\\n<\/p>\n<figure class=\\\"wp-block-image\\\"><img decoding=\\\"async\\\" src=\\\"https:\/\/lh4.googleusercontent.com\/97WJTKF2eaSTVkZ7Z5QhhY7cuJ6eBHeLn9q19BXq5CisgITmOpOpUfmbrDh4gTUBHDkVV3J-p_cuaGPZcXk3Rnmbq-k8Tz2bbEFDAM-EXEM_AJuS_pZfljMHzEW0bwDPDA43kvKnkxGjL2QEJ3YAhjE\\\" alt=\\\"Hacker returned Tender.fi assets worth $1.59 million to the platform for a bounty\\\"\/><figcaption>Data: <a href=\\\"https:\/\/arbiscan.io\/tx\/0x38ae60739af0726831957546d9d16c92ed75164a1581d4e4e6f270917913ab9c\\\">Arbiscan<\/a>.<\/figcaption><\/figure>\n<p>\\n\\n<\/p>\n<p>The protocol&#8217;s developers confirmed the incident, noting \\u201can unusual amount\\u201d of borrows on the platform.<\/p>\n<p>\\n\\n<\/p>\n<blockquote class=\\\"twitter-tweet\\\" data-lang=\\\"en\\\">\n<p lang=\\\"en\\\" dir=\\\"ltr\\\">We are investigating an unusual amount of borrows that came through the protocol- in the meantime, we have paused all borrowing. 
Thank you for your patience.<\/p>\n<p>\u2014 Tender.fi (@tender_fi) <a href=\\\"https:\/\/twitter.com\/tender_fi\/status\/1633046169055281153?ref_src=twsrc%5Etfw\\\">March 7, 2023<\/a><\/p><\/blockquote>\n<p> <script async src=\\\"https:\/\/platform.twitter.com\/widgets.js\\\" charset=\\\"utf-8\\\"><\/script> \\n\\n<\/p>\n<p>Within a few hours they announced they had reached an agreement with the hacker. The latter returned the funds minus the agreed bounty of 62.16 ETH for \\u201cstrengthening the protocol\u2019s security\\u201d.<\/p>\n<p>\\n\\n<\/p>\n<blockquote class=\\\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\\\">\n<p>\\u201cThe actor has completed the loan repayments. Funds are officially SaFu, post mortem on the way.\\u201d<\/p>\n<\/blockquote>\n<p>\\n\\n<\/p>\n<blockquote class=\\\"twitter-tweet\\\" data-lang=\\\"en\\\">\n<p lang=\\\"en\\\" dir=\\\"ltr\\\">The actor has completed the loan repayments. Funds are officially SaFu, post mortem on the way.<\/p>\n<p>\u2014 Tender.fi (@tender_fi) <a href=\\\"https:\/\/twitter.com\/tender_fi\/status\/1633181513259921408?ref_src=twsrc%5Etfw\\\">March 7, 2023<\/a><\/p><\/blockquote>\n<p> <script async src=\\\"https:\/\/platform.twitter.com\/widgets.js\\\" charset=\\\"utf-8\\\"><\/script>\\n\\n<\/p>\n<p>The payout to the white-hat will be covered by the project from its own funds.<\/p>\n<p>\\n\\n<\/p>\n<p>In February, DeFi protocols sustained <a href=\"https:\/\/forklog.com\/en\/news\/in-february-2023-defi-projects-lost-about-21-4-million-to-hacks\">about $21.4 million<\/a> in losses after seven hacks.<\/p>\n<p>\\n\\n<\/p>\n<p>The Platypus Finance exploit, <a href=\"https:\/\/forklog.com\/en\/news\/platypus-defi-protocol-on-avalanche-loses-8-5-million-in-hack\">worth $8.5 million<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The hacker who breached the Arbitrum-based DeFi protocol Tender.fi returned the withdrawn assets in exchange for a bounty of 62.16 ETH 
(~$96,534).<\/p>\n","protected":false},"author":1,"featured_media":75205,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"select":"1","news_style_id":"1","cryptorium_level":"","_short_excerpt_text":"","creation_source":"","_metatest_mainpost_news_update":false,"footnotes":""},"categories":[3],"tags":[1195],"class_list":["post-75204","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-analysis","tag-white-hat-hackers"],"aioseo_notices":[],"amp_enabled":true,"views":"31","promo_type":"1","layout_type":"1","short_excerpt":"","is_update":"","_links":{"self":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/75204","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/comments?post=75204"}],"version-history":[{"count":1,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/75204\/revisions"}],"predecessor-version":[{"id":75206,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/75204\/revisions\/75206"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media\/75205"}],"wp:attachment":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media?parent=75204"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/categories?post=75204"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/tags?post=75204"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}