The hacker behind the exploit on decentralized finance lending platform Tender.fi has returned the stolen funds for a reward of $97,000 in Ether (ETH).
The exploit was executed at 10:28am UTC on March 7, and Tender.fi confirmed the incident on Twitter soon after, citing "an unusual amount of lending" and adding that it had stopped all lending.
Blockchain data showed that the exploiter used a flaw in the price oracle to borrow $1.59 million in assets from the protocol by depositing 1 GMX token, valued at around $71.
“It seems your oracle was misconfigured. contact me to resolve this”, the hacker wrote in a chain message.
Eight hours later, the DeFi protocol announced that it had reached an agreement with the exploiter "White Hat", in which the hacker would repay all loans except a "reward" of 62.16 ETH, worth around $ 97,000 at current prices.
Translation: White Hat will repay all but 62.158670296 ETH loans, which will be held as a reward for helping to secure the protocol. He https://t.co/H4ZMPLH9pz The team will return the value of Bounty to the protocol, so there are no bad debts and users remain... https://t.co/5bbmKu7zEe
— Tender.fi (@tender_fi) March 7, 2023
Another hour later, Tender.fi confirmed on Twitter that the exploiter had completed the loan payments.
“Funds are officially SaFu, postmortem on the way,” he wrote.
Related: DeFi Lender Tender.fi Suffers Exploit, White Hat Hacker Suspected
In August last year, the cross-chain Nomad Bridge appealed to exploiters who participated in a smart contract exploit that drew $190 million in funds from the bridge in less than three hours.
Within hours, approximately $32.6 million in funds they were already returnedsuggesting that some of the exploiters may have been white hat hackers attempting to extract funds for later safe return.
Later in the month, non-fungible token firm Metagame even offered a "Whitehat Award." in the form of NFTs for anyone who could prove they returned at least 90% of the funds they stole from the protocol.
1/ Our friends in @metagame created an NFT earned as a thank you to the whitehats who returned the funds from the Nomad Bridge Hack. Head over https://t.co/TWwuJwnRXj to claim it! pic.twitter.com/V87rkGhBEE
— Nomad (⤭⛓) (@nomadxyz_) August 23, 2022
Blockchain data of Nomad's official fund recovery address shows that the funds continued to be returned to the recovery address since then, with the last transaction Recorded on February 18 for $7,868 in Covalent Query Token (CQT).