On March 7, an ethical hacker drained $1.59 million from DeFi lending platform Tender.fi, resulting in the suspension of borrowing.
The exploit was detected by smart contract auditor CertiK and blockchain analyst Lookonchain, who then flagged it to the platform.
The hacker deposited 1 GMX token valued at $71, borrowing the assets worth $1.59 million, before returning the stolen funds after contacting Tender.fi hours after the attack.
CertiK explained that the exploiter left an on-chain message that was verified on the Arbitrum Blockchain Explorer.
While Lookonchain provided additional details of the exploit. Tender.fi confirmed the attack and praised the hacker for returning the stolen funds. The white hat hacker was rewarded with a bounty of $97,000.
The attack on Tender.fi highlights the need for stronger security measures to be implemented in DeFi protocols. Seven DeFi platforms lost over $21 million to hackers in February, and in Jan. 2023, $120 million was stolen from BonqDAO due to an oracle exploit.
The trend has raised concerns about the safety of funds in DeFi platforms, which have experienced significant growth in the past few years.