An Account of the Recent White Hat Attack on DeFi Protocol Tender.fi

An Account of the Recent White Hat Attack on DeFi Protocol Tender.fi

Content provided by various contributors. DYOR.

In the latest development in the world of Decentralized Finance (DeFi), Tender.fi, a DeFi lending protocol, fell victim to a white hat attack. The alleged ethical hacker behind the attack had managed to drain a whopping $1.6 million from the platform, forcing the service to halt borrowing while it attempts to recover its assets.

The attack, which took place on Mar-07-2023 at 08:21:38 AM +UTC, has caused significant concern among the DeFi community. According to Numen Cyber’s on-chain monitoring, the attacker siphoned 198 ETH, 541700 USDC, 16 WBTC, 8798 UNI, 50011 DAI, 36700 USDT, 24975 FRAX, and 16,203 LINK, causing the native token of the Tender.fi (TND) project to fall by over 30% before recovering slightly after the recovery of funds.

Timeline of Events

Tender.fi confirmed an incident on March 7th that led to the depletion of funds after various community users raised concerns. Tender.fi took to Twitter to acknowledge the issue and announced that they were investigating an unusually high amount of borrows, which led to the depletion of funds. As a result, the platform temporarily halted all borrowing activities until the investigation was complete.

The native token of Tender.fi (TND) plummeted over 30% in response to news of a suspected black hat hacking incident. The market reacted swiftly, with investors reacting to the news of the platform’s loss of funds.

Vulnerability Details

The attack on Tender.fi has exposed a critical flaw in the platform’s smart contract code, specifically its price oracle, which allowed the attacker to exploit the system and make off with $1.6 million worth of cryptocurrencies. The attacker was able to obtain tGMX tokens by purchasing them with initial funds and then proceeded to borrow using the tETH.borrow method. However, the borrowing process had an error in the price calculation, specifically in the GMXPriceOracle.getUnderlyingPrice method.

The initial price was multiplied by both 1e20 and 1e10, resulting in a significant increase in the price of tGMX tokens. This allowed the attacker to borrow large sums of money, which eventually led to the loss of millions of dollars in funds for Tender.fi.

Attacker’s address:

https://arbiscan.io/address/0x896DF3759205C141c97640B2B7345FA479FEB1aB

Transaction:

https://arbiscan.io/address/0x896DF3759205C141c97640B2B7345FA479FEB1aB

Transaction Details

Post-Mortem

Tenderfi has rewarded a bounty of 62 ETH, which is approximately 6% of the exploited funds, to the White Hat. This amount is consistent with the industry standard for rewarding white hats who find and report security vulnerabilities. The White Hat who discovered the exploit promptly notified the Tenderfi team, who then worked quickly to repay the exploited funds.

Following the transaction’s completion, Tender.fi took to Twitter to confirm that their funds were officially secure. The platform also announced that it would conduct a post-mortem analysis of the attack to identify areas of improvement and prevent similar incidents in the future. Their native token, TND has since bounced back slightly since the recovery of funds.

Conclusion

Bitcoin live price
Btc
Bitcoin
$27.895
price
2.54338%
price change
TRADE NOW

The swift and cooperative response from both the White Hat and the Tenderfi team is highly commendable. This type of collaboration between security researchers and blockchain companies is critical to creating a safer and more secure ecosystem.

Read more from author

Editor's picks

The Best A.I. Crypto Trading Bots

As cryptocurrency evolves, trading has become increasingly automated, with many traders now relying on artificial intelligence (AI) and machine learning (ML) to maximize their profits. These AI-powered crypto trading bots are automated software designed to analyze market data, execute trades, and optimize profits on behalf of traders. Here are some of the top AI crypto trading bots of 2023: Dash 2 Trade As the overall best AI crypto trading bot for 2023, Dash 2 Trade boasts advanced intelligence and analytics…

The Latecomer’s Guide to Cryptocurrency

If you've arrived late to the cryptocurrency party, don't worry. It's always possible to start. Here's a primer to get you up to speed with crypto. Understanding Cryptocurrency Cryptocurrency is a form of digital or virtual currency that uses cryptography for security. Unlike traditional money, cryptocurrencies are decentralized and often operate on blockchain technology, a distributed ledger enforced by a network of computers known as nodes. The first and most well-known cryptocurrency is Bitcoin, but there are now thousands, including…

U.S. Crypto Tax Guide for 2023

The world of cryptocurrency is constantly changing, with innovations and new uses for digital currencies springing up every day. This innovation has left governments, including the U.S., scrambling to catch up. For example, as of 2023, the Internal Revenue Service (IRS) considers cryptocurrency property for tax purposes. This means the tax laws that apply to property transactions, like selling or exchanging property, also apply to cryptocurrencies. Cryptocurrency Basics Cryptocurrencies such as Bitcoin, Ethereum, and others are digital or virtual currencies…

The Best Beginner Crypto Trading Strategies to Learn

As the cryptocurrency market continues to evolve, it offers exciting opportunities for investors and traders alike. The market's volatility might seem intimidating for beginners, but if equipped with the right strategies, one can navigate the crypto space effectively. Here are some beginner-friendly crypto trading strategies that could help you embark on your trading journey. 1. Dollar-Cost Averaging (DCA) Dollar-cost averaging (DCA) is a strategy where you invest a fixed amount of money in a particular cryptocurrency regularly, irrespective of its…

Understanding Utility NFTs: A Comprehensive Guide

Before we dive into utility NFTs, let's briefly recap what NFTs are. NFTs, or Non-Fungible Tokens, are a type of digital asset created using blockchain technology. They're "non-fungible" because they are unique and can't be replaced with something else. This contrasts with fungible cryptocurrencies like Bitcoin or Ethereum, which can be exchanged like-for-like. NFTs can represent ownership or proof of authenticity for a wide range of tangible and intangible items, including artwork, collectibles, music, games, and more. What Are Utility…

A Beginners Guide to Trading Cryptocurrency in 2023

Cryptocurrency has gained considerable popularity in recent years, and many individuals are now exploring the opportunities it provides. Trading cryptocurrency may seem daunting to a newcomer due to its volatility and complexity. Still, this guide will simplify the process, providing a clear roadmap to entering the exciting cryptocurrency trading world. Understanding Cryptocurrency The first step is to understand the basics of cryptocurrency. A cryptocurrency is a digital or virtual currency that uses cryptography for security. It operates independently of a…

Cyfrin – Top Smart Contract Audit Company

The world of Decentralized Finance (DeFi) and blockchain technology is rapidly evolving, and with it come several security risks. As the industry matures, smart contract audits become increasingly important to ensure that projects run securely and efficiently. Cyfrin is at the forefront of this new blockchain security wave by offering developers and investors smart contract audit services. With experienced and certified professionals on staff, Cyfrin guarantees secure, reliable audits backed by industry best practices.  In this article, we'll look into…

How to Choose the Best Crypto Portfolio Tracker for Beginners

As a beginner in cryptocurrencies, it's essential to have access to accurate and up-to-date information to make informed decisions. A crypto tracker is a valuable tool that helps you monitor and analyze various cryptocurrencies, their prices, and other related data. This guide will walk you through choosing the best crypto tracker to suit your needs. Identify Your Requirements Before choosing a crypto tracker, it's crucial to determine your specific needs. As a beginner, you may be interested in the following:…

AI GameToEarn – Rewarding Player Skill and Competitiveness with $100k Guaranteed in a New Web3 Space

The transition from Web2 to Web3 has opened the door to new possibilities. However, AI GameToEarn has identified several challenges in the current gaming sector.  Through multiple features, a comprehensive tokenomics model, and a whitelist event, AI GameToEarn seeks to transform everyone's digital gaming experience. Today, we'll look at what this team intends to offer to the Web3 community. Then, we'll have time to mention the project's future milestones, NFTs, and more. Overview of AI GameToEarn Let's begin by understanding…