DeFi Protocol Tender.fi Exploited by Alleged White Hat Hacker

  • DeFi lender Tender.fi has paused all borrowing while investigating an exploit which saw an attacker borrow $1.6 million worth of assets using only 1 GMX token.
  • The attacker, however, appears to be a white hat hacker who the platform has already contacted in order to remedy the situation.

Decentralized finance (DeFi) protocol Tender.fi was exploited for $1.59 million due to a misconfigured oracle, allegedly by a white hat hacker, the platform said via Twitter on 7 March.

First to flag the exploit were smart contract auditor CertiK and blockchain analyst Lookonchain, and the incident was later confirmed by Tender.fi’s team, who said they had paused all borrowing on the platform while investigating an “unusual amount of borrows”. The attacker had also left an on-chain message — verified on the Arbitrum Blockchain Explorer — calling on Tender.fi to “contact me to sort this out”.

Tender.fi’s native token TND fell by more than 34% when the news got out, but started to recover after the protocol revealed it had made contact with the alleged white hat hacker — an individual who attacks a platform to find its flaws, before returning the funds — and is currently in discussions on how to remedy the situation.

Blockchain analyst Lookonchain went further into the exploit, explaining that the attacker used a misconfigured pricing oracle to borrow $1.59 million worth of assets from the Tender.fi protocol by depositing only 1 GMX token, which at current prices is valued at $71.
