A so-called values hacker sucked 1.59 million dollars from Tender.fi, a fragmented financial sector (Defi) borrowing platform, causing the service to stop lending while trying to retrieve assets.
On March 7th, CertiK, a blockchain intelligent contract audit firm dedicated to Web3, and Lookonchain, a blockchain technology investment analyst, stressed that the Defi loan agreement had a lack of funds. Tender.fi confirmed the incident on Twitter, saying that the total amount of money raised through the agreement was abnormal:
The site's latest launch claims that a white hat hacker has already contacted him and is now discussing how to recover property stolen during the attack. White hat hackers, also known as social moral hackers, tend to explore and take advantage of network security issues in different protocols before returning funds.
Cointelegraph contacted CertiK to verify the situation, explaining that the attacker left a chain message that had been authenticated on the Arirum blockchain computer browser:
Lookonchain brought more details of the attack and cited blockchain data to show that white hat hackers raised $1.59 million worth of property from the agreement under the storage of a GMX OTP, which was worth $71 at the time of writing.
Related: about $700000 spent on LaunchZone according to the BNB chain Defi protocol
Cointelegraph has already contacted Tender.fi to confirm further details of the attack and whether the white hat hackers will return the money. Defi has been a major target for hackers since the beginning of 2023, with seven different service platforms losing more than $21 million in February alone. The hackers also took advantage of a vulnerability in the Oracle script system in January 2023 and saw that BonqDAO had been stolen from more than $120 million.
DeFi lender Tender.fi suffers exploit, white hat hacker suspected
DeFi lending platform Tender.fi sees $1.59 million of assets drained by an alleged white hat hacker taking advantage of a misconfigured oracle.
Here’s why STX, CFX, SSV, AGIX and GRT are the top performing assets in February
Despite Bitcoin’s muted monthly performance, STX, SSV, CFX, AGIX and GRT surged higher, likely because of popular market narratives.
MyAlgo users urged to withdraw, as cause of $9.2M hack remains unknown
The Algorand wallet provider said it still hasn’t determined the cause of exploit that’s drained millions in ALGO, urging users to withdraw funds from wallets created with a seed phrase.
Lendhub protocol exploiters spotted shifting $3.85M into Tornado Cash
Despite the sanctions on the crypto mixing service, the bad actors behind January’s biggest exploit have deposited millions worth of funds into Tornado Cash.