In an unexpected move, a hacker responsible for exploiting Tender.fi—an Arbitrum-based lending platform— for $1.59 million in crypto assets has returned the funds, according to on-chain data. The attack occurred earlier today when the hacker took advantage of a misconfigured data oracle that enabled them to borrow substantial sums with a single GMX token worth $70 as collateral. The costly mistake was quickly identified by security firms PeckShield and BlockSec, who determined that the unusual loan was possible due to a misconfigured oracle used by Tender.fi.
At 1:30 PM EST, the parties involved in the hacking of Tender.fi reached a negotiated resolution, with the hacker agreeing to pay back all loans in exchange for a bounty reward of 62 ETH ($96,500). Following this agreement, Tender.fi issued a statement confirming that all funds had been recovered and that they would provide a post-mortem report on the incident.
“The hacker has completed the loan repayments. Funds are officially SaFu, post mortem on the way.”
Tender.fi’s Team
