DeFi Protocol Tender.fi Exploited by Alleged White Hat Hacker

  • DeFi lender Tender.fi has paused all borrowing while investigating an exploit which saw an attacker borrow $1.6 million worth of assets using only 1 GMX token.
  • The attacker, however, appears to be a white hat hacker whom the platform has already contacted in order to remedy the situation.

Decentralized finance (DeFi) protocol Tender.fi was exploited for $1.59 million due to a misconfigured oracle, allegedly by a white hat hacker, the platform said via Twitter on 7 March.

First to flag the exploit were smart contract auditor CertiK and blockchain analyst Lookonchain, and the incident was later confirmed by Tender.fi’s team, who said they had paused all borrowing on the platform while investigating an “unusual amount of borrows”. The attacker had also left an on-chain message — verified on the Arbitrum Blockchain Explorer — calling on Tender.fi to “contact me to sort this out”.

Tender.fi’s native token TND fell by more than 34% when the news got out, but started to recover after the protocol revealed it had made contact with the alleged white hat hacker — an individual who attacks a platform to find its flaws, before returning the funds — and is currently in discussions on how to remedy the situation.

Blockchain analyst Lookonchain went further into the exploit, explaining that the attacker used a misconfigured pricing oracle to borrow $1.59 million worth of assets from the Tender.fi protocol by depositing only 1 GMX token, which at current prices is valued at $71.
