News

White hat hacker exposes Tender.fi exploit

Thursday 9 March 2023 11:15 CET | News

DeFi lending platform Tender.fi has temporarily lost USD 1.59 million worth of assets due to a misconfiguration exploited by a white hat hacker.

 

The hack caused Tender.fi to put a halt on its service as soon as it detected an unusual amount of borrows. However, the hacker still managed to drain almost USD 1.6 million by exploiting a misconfigured oracle. Shortly after the incident, the hacker made contact with the company and engaged in discussions to return the funds.

According to cointelegraph.com, the hacker left an on-chain message that has been verified on the Arbitrum Blockchain Explorer. The message simply stated ‘It looks like your oracle was misconfigured. contact me to sort this out.’ The hacker managed to borrow USD 1.59 million worth of assets from the protocol by depositing 1 GMX token. Tender.fi rewarded the white hat hacker with USD 97,000 for pointing out the vulnerability and returning the funds.

Coindesk reported that TND, the native token of Tender.fi, dropped by 34% before recovering on 7 March after the platform fell victim to the attack. The token, which trades mostly on the decentralised exchange Uniswap, was valued at USD 1.99 when the firm paused withdrawals, but it was seen trading at USD 2.82 after the company clarified the situation and engaged in talks with the hacker.

 

DeFi lending platform Tender.fi has temporarily lost USD 1.59 million worth of assets due to a misconfiguration exploited by a white hat hacker.

 

White, grey, and black hat hacking

According to Avast, white hat hackers are ethical security hackers who identify and fix vulnerabilities. These hackers usually break into systems with the permission of the organizations they hack into, as they attempt to uncover system weaknesses in order to fix them and help strengthen a system’s overall security. Many cybersecurity leaders started out as white hat hackers, but the vital role played by ethical hacking can still be widely misunderstood.

Grey hat hackers may not have criminal or malicious intent, but they also don’t have the prior knowledge or consent of those whose systems they hack into.  When grey hat hackers uncover weaknesses such as zero-day vulnerabilities, they usually report them to the parties in question instead of fully exploiting them. However, grey hat hackers could ask for payment in exchange for providing the full details of what they have discovered.

Black hat hackers are cybercriminals that break into systems illegally with malicious intent. Their main goal is to gain unauthorised access to computer systems by exploiting security vulnerabilities, or by implanting a virus or other type of malware such as a trojan. Black hat hackers often rely on ransomware attacks in order to extort financial gains or breach data systems.

In the case of Tender.fi, it could be argued that the breach resulted from a mix of white hat and grey hat techniques, as the hacker did not previously inform the victim of his attack. However, the hacker did not have malicious intent, as he returned the funds and provided details about what he has uncovered.


Source: Link


Free Headlines in your E-mail

Every day we send out a free e-mail with the most important headlines of the last 24 hours.

Subscribe now

Keywords: cybersecurity, hacking, cryptocurrency, lending
Categories: DeFi & Crypto & Web3
Companies: Tender.fi
Countries: United States
This article is part of category

DeFi & Crypto & Web3

Tender.fi

|
Discover all the Company news on Tender.fi and other articles related to Tender.fi in The Paypers News, Reports, and insights on the payments and fintech industry: