An Account of the Recent White Hat Attack on DeFi Protocol Tender.fi

An Account of the Recent White Hat Attack on DeFi Protocol Tender.fi

Content provided by various contributors. DYOR.

In the latest development in the world of Decentralized Finance (DeFi), Tender.fi, a DeFi lending protocol, fell victim to a white hat attack. The alleged ethical hacker behind the attack had managed to drain a whopping $1.6 million from the platform, forcing the service to halt borrowing while it attempts to recover its assets.

The attack, which took place on Mar-07-2023 at 08:21:38 AM +UTC, has caused significant concern among the DeFi community. According to Numen Cyber’s on-chain monitoring, the attacker siphoned 198 ETH, 541700 USDC, 16 WBTC, 8798 UNI, 50011 DAI, 36700 USDT, 24975 FRAX, and 16,203 LINK, causing the native token of the Tender.fi (TND) project to fall by over 30% before recovering slightly after the recovery of funds.

Timeline of Events

Tender.fi confirmed an incident on March 7th that led to the depletion of funds after various community users raised concerns. Tender.fi took to Twitter to acknowledge the issue and announced that they were investigating an unusually high amount of borrows, which led to the depletion of funds. As a result, the platform temporarily halted all borrowing activities until the investigation was complete.

The native token of Tender.fi (TND) plummeted over 30% in response to news of a suspected black hat hacking incident. The market reacted swiftly, with investors reacting to the news of the platform’s loss of funds.

Vulnerability Details

The attack on Tender.fi has exposed a critical flaw in the platform’s smart contract code, specifically its price oracle, which allowed the attacker to exploit the system and make off with $1.6 million worth of cryptocurrencies. The attacker was able to obtain tGMX tokens by purchasing them with initial funds and then proceeded to borrow using the tETH.borrow method. However, the borrowing process had an error in the price calculation, specifically in the GMXPriceOracle.getUnderlyingPrice method.

The initial price was multiplied by both 1e20 and 1e10, resulting in a significant increase in the price of tGMX tokens. This allowed the attacker to borrow large sums of money, which eventually led to the loss of millions of dollars in funds for Tender.fi.

Attacker’s address:

https://arbiscan.io/address/0x896DF3759205C141c97640B2B7345FA479FEB1aB

Transaction:

https://arbiscan.io/address/0x896DF3759205C141c97640B2B7345FA479FEB1aB

Transaction Details

Post-Mortem

Tenderfi has rewarded a bounty of 62 ETH, which is approximately 6% of the exploited funds, to the White Hat. This amount is consistent with the industry standard for rewarding white hats who find and report security vulnerabilities. The White Hat who discovered the exploit promptly notified the Tenderfi team, who then worked quickly to repay the exploited funds.

Following the transaction’s completion, Tender.fi took to Twitter to confirm that their funds were officially secure. The platform also announced that it would conduct a post-mortem analysis of the attack to identify areas of improvement and prevent similar incidents in the future. Their native token, TND has since bounced back slightly since the recovery of funds.

Conclusion

Bitcoin live price
Btc
Bitcoin
$27.941
price
0.89264%
price change
TRADE NOW

The swift and cooperative response from both the White Hat and the Tenderfi team is highly commendable. This type of collaboration between security researchers and blockchain companies is critical to creating a safer and more secure ecosystem.

Read more from author

Editor's picks

ArtHouse Spirits DAO – Tokenized Alcohol Combined with Real Crypto Benefits

The crypto space is the ideal nurturing environment for like-minded individuals to form communities and enjoy shared interests and activities. One such club is ArtHouse Spirits DAO (AHSD), an exclusive association of high-net-worth people who appreciate pricey, aged rums and unique, real asset-backed NFT collectibles. AHSD was born to reward rum connoisseurs with a digital club in the emerging web3 world. Here, they can enjoy rare benefits, physical perks, VIP events, and voting rights within the decentralized autonomous organization. Furthermore,…

ArtHouse Spirits DAO – A Project Combining Tokenized Rum with Real Benefits

We live in an era of unprecedented technological advancement, with the potential to combine traditional industries with new digital technologies. ArtHouse Spirits DAO is a project combining tokenized rum with real benefits while leveraging the Dictador brand and artistic collaborations. By appealing to an élite group of high-net-worth individuals, this project aims to create a luxurious community. Here, members can benefit from exclusive events, investments, and more. Today's article will explore the project’s potential and its team's roadmap, giving you…

A Detailed Analysis of Euler Finance’s $196 Million Flash Loan Attack

On 13 March 2023 at 08:56:35 AM +UTC, DeFi lending protocol Euler Finance experienced a Flash Loan Attack. Euler Finance is a protocol that operates as a permissionless lending protocol. Its primary goal is to facilitate lending and borrowing of various cryptocurrencies for users. The UK-based tech startup utilizes mathematical principles to develop non-custodial protocols on Ethereum and other blockchain networks, with a focus on achieving high performance. Based on on-chain data analysis, the attacker has successfully executed multiple transactions resulting…

DevourGO Establishes Devour DPAY as the Payment and Rewards Token for the Restaurant Industry

The global economy is steadily transitioning from Web2 to Web3, and the restaurant industry is no exception. In this context, DevourGO has established Devour DPAY as this sector's payment and rewards token. The strategy offers restaurants a way to connect with Web3 communities while giving their guests real-world recognition for their affiliations. The project has three core utility pillars - crypto payments, DPAYBack rewards, and NFTs. In this way, DevourGO's ecosystem creates a win-win relationship between restaurants and their customers.…

BingX – A Crypto Exchange with Enhanced Copy Trading Features and More

As the number of traders in the crypto industry grows, different people look for different products to suit their needs. One of the most popular names in the cryptocurrency industry is BingX. It's a popular crypto exchange that offers spot, contract, copy, and grid trading to millions of customers in over 100 countries. Today's review will examine BingX and its features, focusing on copy trading and other essential platform aspects. What Is BingX? BingX is a leading crypto exchange that…

An Account of the Recent White Hat Attack on DeFi Protocol Tender.fi

In the latest development in the world of Decentralized Finance (DeFi), Tender.fi, a DeFi lending protocol, fell victim to a white hat attack. The alleged ethical hacker behind the attack had managed to drain a whopping $1.6 million from the platform, forcing the service to halt borrowing while it attempts to recover its assets. The attack, which took place on Mar-07-2023 at 08:21:38 AM +UTC, has caused significant concern among the DeFi community. According to Numen Cyber’s on-chain monitoring, the attacker siphoned 198…

Is Polkadot a Good Investment in 2023?

Since the inception of cryptocurrency, the bull run and the bear market have had significant impacts. In fact, because of the volatile nature of cryptocurrency, these are two sides of the coin every crypto investor anticipates when investing in the market. While investors look forward to the bull run, the bear market, also known as "crypto winter," is the dread of any investor.  As of 2022, a report by CNBC stated that cryptocurrencies suffered a considerable decline, losing about $2…

Clinton and Epstein’s Flight Log Now An NFT Collection by ViceHub

Crypto enthusiasts have found a new way to immortalize history with the launch of 'Lolita Adventures.' This NFT collection is based on former US President Bill Clinton and late financier Jeffrey Epstein's flight log. ViceHub, an Ethereum and Solana-based NFT project, has created this collection combining satire and journalism to tokenize a piece of history. The Idea Behind this New NFT Collection The crypto space is witnessing yet another project working to change the NFT narrative. Through Lolita Adventures, this…

What Are Crypto Copycat Projects?

Crypto copycat projects are cryptocurrencies designed to imitate the functionality and success of existing cryptocurrencies. These projects typically try to capitalize on the popularity of established cryptocurrencies, such as Bitcoin, Ethereum, or Binance Coin, by offering similar features, branding, or even a name close to the original currency. The aim of copycat crypto projects is often to ride the coattails of the original cryptocurrency's success and make a profit by selling tokens or coins to investors who are attracted to…