Yet another decentralized finance protocol gets exploited.
Tender.fi, an open-source, decentralized finance (DeFi) lending and borrowing protocol built on Metis, was exploited.
The news broke on March 7th, when blockchain security firms Lookonchain and CertiK alerted the community to the exploit.
Shortly after that, Tender.fi took to Twitter to confirm the news, claiming that there was “an unusual amount of borrows.”
According to Lookonchain, hackers used a “misconfigured oracle” to exploit Tender.fi. Malicious actors reportedly borrowed around $1.59 million worth of assets by depositing only 1 GMX token. At the time of the exploit, the token was worth only $71.
It is worth noting that the hackers borrowed funds in the form of USD Coin (USDC), Wrapped Bitcoin (wBTC), Ether (ETH), Chainlink (LINK), Uniswap (UNI), Dai (DAI), Tether (USDT), and Frax (FRAX).
On top of that, data on the Arbitrum Blockchain Explorer revealed that the hackers left an on-chain message, claiming that Tender.fi's “oracle was misconfigured” and inviting the platform to contact the hacker and “sort this out.”
After an hour, Tender.fi shared an update claiming it was “attempting to contact the owner of the address.”
Later on, Tender.fi revealed that the exploit was performed by a white hat hacker, who agreed to return the funds in exchange for a bounty. In its announcement, Tender.fi said that the white hat hacker is set to return all funds except 62.158670296 ETH, worth around $97,000.
After eight hours, Tender.fi emphasized that the white hat had completed “the loan repayments” and the funds were “SaFu.”
Decentralized finance protocols have been a recent target of malicious actors. In February alone, hackers exploited seven DeFi platforms, draining them of more than $21 million.