Sentiment, a lending protocol, has successfully recovered stolen funds from a recent hack by offering the hacker a bounty worth $95,000.
The protocol sent a message to the hacker on the Arbitrum blockchain, offering the money if the funds were returned by April 6. MetaMask developer Taylor Monahan tracked the progress and highlighted that the hacker had returned 414 Ether, worth around $771,000, in an initial transaction.
Eventually, the hacker returned another 51.75 ETH to the Sentiment recovery address, and the protocol confirmed that it had received the funds.
The hack, which occurred on April 4, involved the loss of funds initially estimated to be around $500,000, but later confirmed to be closer to $1 million.
Some on-chain sleuths suggested that the attack may have been a reentrancy attack, while others said that the attacker relied on a bug.
A community member concluded that the entire fiasco was a result of companies not taking bug bounties seriously and praised the hacker’s efforts for “taking it by force,” while another Twitter user described the incident as just “a bug bounty with a criminal step” and urged companies to offer larger and more transparent bug bounties.
The incident bears similarities to the recent Euler Finance hack, in which the Ethereum protocol convinced a hacker to return around 90% of the stolen funds after offering a bounty. The hacker returned around $176.4 million in digital assets while keeping almost $20 million.
This demonstrates that bounties can be an effective way to recover lost funds and deter future attacks, but it also highlights the importance of proper bug bounty programs and protocols.