DeFi
A white hat hacker that focused DeFi protocol Tender.fi has returned $1.6 million that was stolen on Tuesday, receiving a 62.15 ether ($85,000) bug bounty as a substitute.
The assault occurred after Tender.fi upgraded its value feed to relay knowledge from a Chainlink pricing oracle versus a time-weighted common value (TWAP). The code, which was audited by PeckShield, contained an error and returned a quantity with too many zeros behind it. This meant the attacker was capable of deposit one GMX token, price round $70, successfully tricking the system into permitting infinite borrows, in line with a postmortem revealed on Tender.fi’s Medium web page.
After extracting $1.6 million from the protocol, the hacker left an on-chain message: “It seems to be like your oracle was misconfigured. Contact me to kind this out.”
Tender.fi reached out and agreed to pay the white hat hacker a 62.15 ether bug bounty.
The protocol plans to deploy a brand new rewritten oracle contract earlier than unpausing borrowing. It has additionally vowed to repay any unpaid debt left behind by the hacker.
The TND token, which plunged by 34% on Tuesday, is buying and selling at $1.87. It has elevated by 2.37% previously 24-hours towards its ethereum pair however stays down by 7.62% towards its U.S.greenback pair following a crypto market rout.
