The decentralized finance (DeFi) lending site Tender.fi has suspended lending as it works to recover $1.59 million that an alleged ethical hacker did steal from it.
The blockchain analyst Lookonchain and Web3-focused smart contract auditor CertiK identified a vulnerability on March 7 that allowed money to be taken from the DeFi lending system. Using the protocol, “an extraordinary volume of borrowing,” Tender.fi acknowledged the situation on Twitter:
According to the platform’s most recent update, a white hat hacker has been in touch, and negotiations to recover assets lost as a result of the attack are in progress. White hat hackers, sometimes referred to as ethical hackers, frequently discover and exploit security holes in various protocols before remitting funds.
Further information on the attack was released by Lookonchain, which cited blockchain data demonstrating how the white hat hacker borrowed $1.59 million worth of assets from the protocol by depositing 1 GMX token, currently worth $71.
Early in 2023, DeFi protocols became a target for hackers, with seven separate platforms losing more than $21 million in only the month of February. In January 2023, hackers also used an Oracle weakness to steal more than $120 million from BonqDAO.