In a surprising turn of events, a hacker responsible for a $1.59 million exploit on Tender.fi, an Arbitrum-based lending platform, has now returned funds, on-chain data show.
Earlier today, the hacker took advantage of a misconfigured data oracle that allowed them to borrow $1.59 million in crypto assets with just a single GMX token worth $70 as collateral, a costly error for the protocol.
Security firms PeckShield and BlockSec were quick to investigate the matter and discovered that the unusual loan could happen by a misconfigured oracle used by Tender.fi, an Arbitrum-based lending platform.
At 1:30 pm EST, the hacker began paying back the loans after the two parties agreed on a negotiated deal done via on-chain messages. The Tender.fi team had agreed to pay 62 ETH ($96,500) as a bounty reward to the hacker.
Tender.fi issued a statement regarding the return of the funds and promised a post-mortem report would be provided. “The hacker has completed the loan repayments. Funds are officially SaFu, post mortem on the way,” it said.
Share this article: