{"id":560784,"date":"2023-03-08T02:42:07","date_gmt":"2023-03-07T23:42:07","guid":{"rendered":"https:\/\/en.buradabiliyorum.com\/hacker-returns-stolen-funds-to-tender-fi-gets-97k-bounty-reward\/"},"modified":"2023-03-08T02:42:07","modified_gmt":"2023-03-07T23:42:07","slug":"hacker-returns-stolen-funds-to-tender-fi-gets-97k-bounty-reward","status":"publish","type":"post","link":"https:\/\/buradabiliyorum.com\/en\/hacker-returns-stolen-funds-to-tender-fi-gets-97k-bounty-reward\/","title":{"rendered":"# Hacker returns stolen funds to Tender.fi, gets $97K bounty reward"},"content":{"rendered":"<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_85 counter-hierarchy ez-toc-counter ez-toc-custom ez-toc-container-direction\">\n<p class=\"ez-toc-title\" style=\"cursor:inherit\">Table of Contents<\/p>\n<label for=\"ez-toc-cssicon-toggle-item-6a3f8d139f5e4\" class=\"ez-toc-cssicon-toggle-label\"><span class=\"\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #dd3333;color:#dd3333\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #dd3333;color:#dd3333\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/label><input type=\"checkbox\"  id=\"ez-toc-cssicon-toggle-item-6a3f8d139f5e4\" checked aria-label=\"Toggle\" \/><nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-1'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/buradabiliyorum.com\/en\/hacker-returns-stolen-funds-to-tender-fi-gets-97k-bounty-reward\/#%E2%80%9D_Hacker_returns_stolen_funds_to_Tenderfi_gets_97K_bounty_reward_%E2%80%9C\" >&#8221; Hacker returns stolen funds to Tender.fi, gets $97K bounty reward &#8220;<\/a><\/li><\/ul><\/nav><\/div>\n<h1><span class=\"ez-toc-section\" id=\"%E2%80%9D_Hacker_returns_stolen_funds_to_Tenderfi_gets_97K_bounty_reward_%E2%80%9C\"><\/span>&#8221; Hacker returns stolen funds to Tender.fi, gets $97K bounty reward &#8220;<span class=\"ez-toc-section-end\"><\/span><\/h1>\n<div class=\"post-content\" data-v-48054ca8>The hacker behind the exploit of the decentralized finance lending platform Tender.fi has returned the stolen funds for a $97,000 bounty reward in Ether (ETH).\u00a0<\/p>\n<p>The exploit was executed at 10:28 am UTC on March 7, with Tender.fi confirming the incident on <a href=\"https:\/\/buradabiliyorum.com\/en\/category\/social-mediaa\/\" data-internallinksmanager029f6b8e52c=\"1\" title=\"Social Media\" target=\"_blank\" rel=\"noopener\">Twitter<\/a> soon after, citing \u201can unusual amount of borrows\u201d and adding it hapaused all borrowing. <\/p>\n<p>Blockchain data showed the exploiter used a price oracle glitch to borrow $1.59 million worth of assets from the protocol by depositing 1 GMX token, valued at around $71.<\/p>\n<p>\u201cIt looks like your oracle was misconfigured. contact me to sort this out,\u201d\u00a0the hacker\u00a0<a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/arbiscan.io\/tx\/0x38ae60739af0726831957546d9d16c92ed75164a1581d4e4e6f270917913ab9c\">wrote<\/a>\u00a0in an on-chain message. <\/p>\n<figure><img decoding=\"async\" src=\"https:\/\/s3.cointelegraph.com\/uploads\/2023-03\/939e1a43-d557-46c3-adec-96f6a143fd5a.PNG\" alt=\"\" title=\"\"><figcaption style=\"text-align: center;\"><em>Message sent to Tender.fi from the price oracle exploiter. Source: Arbiscan<\/em><\/figcaption><\/figure>\n<p>Eight hours later, the DeFi protocol announced it had come to an agreement with the \u201cWhite Hat\u201d exploiter, in which the hacker would repay all loans minus a 62.16 ETH \u201cbounty,\u201d worth around $97,000 at current prices.\u00a0<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">Translation: The White Hat will repay all loans minus 62.158670296 ETH, which will be kept as a Bounty for helping secure the protocol. The <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/t.co\/H4ZMPLH9pz\">https:\/\/t.co\/H4ZMPLH9pz<\/a> Team will repay the Bounty s value to the protocol, so that there will be no bad debt and users will remain\u2026 <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/t.co\/5bbmKu7zEe\">https:\/\/t.co\/5bbmKu7zEe<\/a><\/p>\n<p>\u2014 Tender.fi (@tender_fi) <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/tender_fi\/status\/1633170576423661581?ref_src=twsrc%5Etfw\">March 7, 2023<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>Another hour later, Tender.fi <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/tender_fi\/status\/1633181513259921408\">confirmed<\/a> on Twitter that the exploiter had completed the loan repayments. <\/p>\n<p>\u201cFunds are officially SaFu, post mortem on the way,\u201d it wrote.\u00a0<\/p>\n<p><strong><em>Related: <\/em><\/strong><strong><em>DeFi lender Tender.fi suffers exploit, white hat hacker suspected<\/em><\/strong><\/p>\n<p>Last year in August, cross-chain Nomad Bridge <a href=\"https:\/\/buradabiliyorum.com\/en\/category\/download-scripts-themes-apps\/\" data-internallinksmanager029f6b8e52c=\"9\" title=\"Download Scripts &amp; Themes &amp; Apps\" target=\"_blank\" rel=\"noopener\">app<\/a>ealed to exploiters that participated in a smart contract exploit that extracted $190 million in funds from the bridge in less than three hours.<\/p>\n<p>Mere hours later, approximately $32.6 million worth of funds were already returned, suggesting some of the exploiters may have been white hat hackers attempting to extract funds for a later safe return.<\/p>\n<p>Later in the month, nonfungible token firm Meta<a href=\"https:\/\/buradabiliyorum.com\/en\/category\/game\/\" data-internallinksmanager029f6b8e52c=\"7\" title=\"Game\" target=\"_blank\" rel=\"noopener\">game<\/a> even offered a \u201cWhitehat Prize\u201d in the form of an NFT for anyone who proved they had returned at least 90% of the funds they stole from the protocol. <\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">1\/ Our friends at <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/Metagame?ref_src=twsrc%5Etfw\">@metagame<\/a> created an earned NFT as a thank you to whitehats who returned funds from the Nomad Bridge Hack. Head over <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/t.co\/TWwuJwnRXj\">https:\/\/t.co\/TWwuJwnRXj<\/a> to claim it! <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/t.co\/V87rkGhBEE\">pic.twitter.com\/V87rkGhBEE<\/a><\/p>\n<p>\u2014 Nomad (\u292d\u26d3) (@nomadxyz_) <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/nomadxyz_\/status\/1562097376214388736?ref_src=twsrc%5Etfw\">August 23, 2022<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>Blockchain data from the Official Nomad Funds Recovery Address <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/etherscan.io\/tokentxns?a=0x94A84433101A10aEda762968f6995c574D1bF154\">shows<\/a> that funds continued to be returned to the recovery address since then, with the latest transaction <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/etherscan.io\/tx\/0x2784f20cd6a07b5863e805a117dd5108edfe8263a8e14c13d54d17bc668d7f97\">recorded<\/a> on Feb. 18 for $7,868 in Covalent Query Token (CQT). <\/p>\n<p><template data-name=\"subscription_form\" data-type=\"defi_newsletter\"><\/template><\/div>\n<blockquote><p><strong><span style=\"color: #ff6600;\">If you liked the article, do not forget to share it with your friends. Follow us on\u00a0<span style=\"color: #ff0000;\"><a style=\"color: #ff0000;\" href=\"https:\/\/news.google.com\/publications\/CAAqBwgKMLG0nwswvr63Aw\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Google News<\/a><\/span>\u00a0too, click on the star and choose us from your favorites.<\/span><\/strong><\/p><\/blockquote>\n<blockquote>\n<p style=\"text-align: center;\">For forums sites go to <span style=\"color: #ff9900;\"><a style=\"color: #ff9900;\" href=\"https:\/\/forum.buradabiliyorum.com\/\" target=\"_blank\" rel=\"noopener\">Forum.BuradaBiliyorum.Com<\/a><\/span><\/strong>\n<\/p><\/blockquote>\n<blockquote>\n<p style=\"text-align: center;\"><strong>If you want to read more <a href=\"https:\/\/buradabiliyorum.com\/en\/category\/news\/\" data-internallinksmanager029f6b8e52c=\"2\" title=\"News\" target=\"_blank\" rel=\"noopener\">News<\/a> articles, you can visit our <span style=\"color: #ff9900;\"><a style=\"color: #ff9900;\" href=\"https:\/\/en.buradabiliyorum.com\/general\/\" target=\"_blank\" rel=\"noopener\">General category.<\/a><\/span><\/strong><\/p>\n<\/blockquote>\n<p><span style=\"color: black;\"><a style=\"color: #ff9900;\" href=\"https:\/\/cointelegraph.com\/news\/hacker-returns-stolen-funds-to-tender-fi-gets-97k-bounty-reward\" target=\"_blank\" rel=\"noopener\">Source<\/a><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>&#8221; Hacker returns stolen funds to Tender.fi, gets $97K bounty reward &#8220; The hacker behind the exploit of the decentralized finance lending platform Tender.fi has returned the stolen funds for a $97,000 bounty reward in Ether (ETH).\u00a0 The exploit was executed at 10:28 am UTC on March 7, with Tender.fi confirming the incident on Twitter&#8230;<\/p>\n","protected":false},"author":1,"featured_media":560785,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/images.cointelegraph.com\/cdn-cgi\/image\/format=auto,onerror=redirect,quality=90,width=1200\/https:\/\/s3.cointelegraph.com\/uploads\/2023-03\/316900a4-a325-402d-bec2-622ba43e2253.jpg","fifu_image_alt":"","footnotes":""},"categories":[1],"tags":[74894,74868,74882,70944],"class_list":["post-560784","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-general","tag-blockchain","tag-defi","tag-hacks","tag-hackers"],"_links":{"self":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/560784","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/comments?post=560784"}],"version-history":[{"count":0,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/560784\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media\/560785"}],"wp:attachment":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media?parent=560784"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/categories?post=560784"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/tags?post=560784"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}