Hackers attacked Tender.fi, an Arbitrum-based lending platform, “failing” to return the money.
On the afternoon of March 7, a white hat hacker infiltrated and withdrew $1.59 million from Tender.fi. For investigation purposes, Tender.fi has stopped all loans.
We are investigating an unusual amount of borrowing that came through the protocol- in the meantime, we have paused all borrowing. Thank you for your patience.
— Tender.fi (@tender_fi) March 7, 2023
According to a trace from Loononchain, taking advantage of an oracle vulnerability, the hacker borrowed $1.59 million with only a single GMX token (worth $70) as collateral.
Due to the misconfigured oracle of https://t.co/Hw715UqCeVa white hat “0x896d” borrowed ~$1.59M assets by depositing only 1 $GMX($71).
If you have assets on https://t.co/Hw715UqCeVplease pay attention!https://t.co/XO3yQHwk3M pic.twitter.com/G96h2EC0Fm
— Lookonchain (@lookonchain) March 7, 2023
However, the attacker later agreed to return the “booty”, after the two sides negotiated and agreed on the issue. At the same time, Tender.fi will send back 62 ETH ($96,500) as a bounty reward for the hacker.
We have come to an agreement with the White Hat, an on chain transaction was sent with an attached message that contains the terms of this agreement. https://t.co/9a5IsgID0Q
— Tender.fi (@tender_fi) March 7, 2023
Tender.fi’s TND token price fell about 35% before recovering to the current $2.56 price mark.
Despite gaining a lot of momentum in recent times, the DeFi ecosystem on Arbitrum has been constantly experiencing security issues. Adjacent to Tender.fi is Hope Finance drained 2 million USD and DEX ArbiSwap “rug pull” users.
Synthetic Kyptos
