• The white hat hacker was able to exploit an oracle glitch on the Arbitrum-based decentralized finance (DeFi) lending platform Tender.fi and stole $1.59 million worth of crypto assets.
• The hacker left an on-chain message for Tender.fi and negotiated a bounty agreement with the project’s official Twitter handle.
• The exploiter returned nearly all the funds, keeping roughly $97,000 as a reward.

Tender.fi Exploit

On March 7, a white hat hacker exploited an oracle glitch on the Arbitrum-based decentralized finance (DeFi) lending platform Tender.fi and stole $1.59 million worth of crypto assets with just a deposit of one GMX token worth $71 as collateral. The hacker left an on-chain message for Tender.fi, saying, „It looks like your oracle was misconfigured. contact me to sort this out.“


A few hours after the incident happened, Tender.fi disclosed that it had contacted the attacker to negotiate and discuss the terms of a bounty agreement in order to remedy the situation peacefully without any further damage done to its system or users‘ funds involved in it; however, no details were revealed yet about what kind of agreement they reached out at that time but they did confirm that they will update us with more information when they have it soon enough afterwards when everything is settled down between both parties.

Returned Funds

Afterwards, nine hours after exploiting the bug successfully by stealing $1.59 million worth of tokens from their system; surprisingly enough, this white hat hacker returned nearly all those stolen funds back to their original holders instead of trying to cash them out anywhere else which goes against every criminal’s instinctive behavior patterns – thus confirming his identity as a white hat hacker – while also keeping roughly around $97K as his reward for finding that bug before anyone else did and thus preventing any further damages being done by anyone who might have tried to do so if he didn’t find it first before others got wind of it too late already then possibly more than just these funds would have been at risk then if not prevented earlier itself by him respectively; hence why he deserved some credits paid back in return for such heroic efforts in hindsight here while we can only be thankful towards him now looking back retrospectively at how easily things could have gone wrong otherwise if not handled adequately likewise by then either way somehow too!

Ongoing Investigations

As for now though even though almost all those stolen funds have been returned already safely thankfully still; yet investigations are still ongoing into what exactly happened during this whole incident from start till finish so far until now & further details are awaited eagerly into what other kinds of arrangements were made between both parties besides simply returning those stolen funds back eventually but eventually too hopefully soon enough once again indeed anyway later onwards accordingly hereby equally similarly too!


In conclusion therefore we can say that this exploit has proven beyond doubt how vulnerable DeFi platforms can be sometimes even with minimal security measures implemented currently within them & thus why extra precautions need to be taken by developers while building such platforms going forward as well so they don’t encounter similar issues again hereinafter hereafter either way thereof respectively anytime soon hereafter always everlastingly forevermore definitely whenever possible always too accordingly hereby equally similarly therein afterwards probably likewise surely nevertheless anyways finally altogether completely overall conclusively eventually consequently unquestionably profoundly indefatigably ultimately ergo thusly unreservedly absolutely unequivocally verily amen happily!

Comments are closed.