How someone borrowed $1.6 million with collateral worth $70: the Tender.fi exploit


The hacker who took crypto assets worth 1.59 million US dollars from the Arbitrum-based DeFi lending platform Tender.fi has returned almost all of the money, keeping around $97,000 as a bounty.

Tender.fi was exploited on the morning of March 7, and the project's official Twitter account confirmed the incident in a tweet a few minutes later.

Tender.fi exploited for $1.59 million

In the tweet, Tender.fi announced that it had noticed an "unusual amount" of loans and was investigating. The platform also paused its lending service during the investigation.

On-chain data showed that the attacker exploited an oracle error. The error made it possible for the hacker to borrow up to $1.59 million in Ether (ETH) against a deposit of one GMX token worth $71 as collateral.

After the exploit, the hacker left an on-chain message for Tender.fi: "It looks like your oracle is wrong. Contact me to clarify that." This shows that the exploiter is a white hat hacker.

A few hours later, Tender.fi announced that it had contacted the attacker to negotiate the terms of a bounty agreement.

"The Whitehat has contacted Debank contact and we are currently talking about how we can fix this situation. We will keep you up to date with further information as soon as we have it," the protocol said.

Hacker retains $97,000 as a bounty

Seven hours later, the protocol revealed that it had reached an agreement with the hacker and that the funds would be returned.

About an hour later, the hacker returned $1.49 million and kept $96,500 as a bounty. Both Tender.fi and blockchain security company PeckShield confirmed the transaction.

Translation: The white hat has repaid all loans minus 62.158670296 ETH, which is retained as a bounty for securing the protocol. The https://t.co/h4zmplh9pz team will repay the value of the bounty to the protocol, so that there are no unusual claims and the users remain ... https://t.co/5bbmku7zee

- tender.fi (@tender_fi) March 7, 2023
