In a world increasingly ruled by technology, the security of our digital assets has become one of the top concerns for many organizations. Recently, a white hat hacker breached the Ethereum-based decentralized finance (DeFi) protocol Tender.fi and managed to extract around $1.59 million worth of assets before returning them.
Tender.fi noticed the incident when it noticed an “unusual amount of borrows” and alerted its users on Twitter that it had paused all borrowing activities while they investigated the issue. It seemed that the hacker had exploited a price oracle glitch to take out loans using a single GMX token valued at around $71.
But it wasn’t long before the DeFi protocol announced that they had reached an agreement with the white hat hacker. The hacker would return the full amount of the stolen funds minus a hefty 62.158670296 ETH, roughly equal to $97,000 in ETH.
This bounty reward is not unique, as it follows a trend of other DeFi protocols offering hacker bounties. In August 2020, Nomad Bridge suffered a hack that saw $190 million of funds stolen and almost $32.6 million was already returned, suggesting some of the exploiters were white hat hackers who had extracted the funds for a safe return. Not to be outdone, NFT firm Metagame even offered an NFT as a “Whitehat Prize” to anyone who proved they had returned at least 90% of the stolen funds from its protocols.
The latest activity to hit Tender.fi could also be seen as part of a bigger rise in DeFi longevity as blockchain data from the Nomad Funds Recovery Address indicated that a lot of funds had been returned over the past year, with a transaction of $7,868 in Covalent Query Token (CQT) recorded as recently as February 18.
Ultimately, white hat hacking may be a controversial topic but it can also be seen as a benefit for many large organizations. Tender.fi itself had been lucky to work out their own security breach thanks to the white hat hacker, yielding a reward of $97,000 ETH for the hacker.
The incident should show the importance for organizations to develop sound security measures in the face of potential hacking threats. Ultimately, the safest bet includes implementing a white hat hacker bounty program as it can prove beneficial in the long run.