Cryptocurrency hacker receives almost $ 100,000 reward for stealing funds

The hacker who hacked the Tender. fi lending crypto platform and stole almost $ 1.6 million has returned the stolen funds for a reward. As part of the agreement, the DeFi company paid the programmer 6% of the cost of the exploit. Thus, the white hacker received 62.16 ETH or $ 97,000.

We have come to an agreement with the White Hat, an on chain transaction was sent with an attached message containing the terms of this agreement. https://t.co/9a5IsgID0Q

— Tender. fi (@tender_fi) March 7, 2023

How did the attack take place?

on March 7, an «unusual number of borrowings» were made on Tender. fi, after which the platform stopped all lending operations. Security analysts drew attention to the situation on the platform when a hacker «borrowed» crypto assets worth $ 1.59 million. As collateral, he deposited only 1 GMX token, which at the time of writing is trading for $ 70.

Due to the misconfigured oracle of https://t.co/Hw715UqCeV, a white hat «0×896d» borrowed ~$ 1.59M in assets by depositing only 1 $GMX($ 71).

If you have deposited assets on https://t.co/Hw715UqCeV, please pay attention!https://t.co/XO3yQHwk3M pic.twitter.com/G96h2EC0Fm

— Lookonchain (@lookonchain) March 7, 2023

«It looks like your oracle was not properly configured. Please contact me to sort this out,» the hacker wrote in a message to Tender.fi.

According to the data analysis platform DefiLlama, hackers have stolen more than $ 5 billion from DeFi platforms since 2017. In February of this year alone, seven decentralized platforms lost more than $ 21 million.

The problem of hacking DeFi protocols and other cryptocurrency projects is not new. Companies often offer hackers a reward for finding bugs and vulnerabilities through the Bug Bounty system. However, only a few are so lucky — most cybercriminals end up in jail sooner or later.

As a reminder, a hacker who stole more than $ 20 million in bitcoins last fall will be imprisoned for 20 years. The hacker used ransomware to steal information from Windows-based systems and demanded payment from the victims in bitcoin using encryption. The fraudster’s victims included government agencies, law enforcement agencies, colleges, schools, and universities.