VERDICT —UNRATED
Verdict pending. Auto-ingested incidents are reviewed before a public verdict is rendered.
Root cause
Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.
Forensic narrative
Tender.fi is suspected of being attacked by white hat hackers and lost $1.59 million. Hackers used Tender.fi’s misconfigured oracles to borrow $1.59 million worth of crypto assets with just $70 worth of GMX tokens as collateral. On March 8, on-chain data showed that the hackers who attacked the Arbitrum ecological lending protocol Tender.fi had returned their funds, and the Tender.fi team agreed to pay the hackers 62 ETH ($96,500) as a bounty. Attack method (per SlowMist): Oracle Attack. Reported loss: $ 1,590,000.
Primary source
https://www.theblock.co/post/217823/tender-fi-hacker-returns-stolen-funds-gets-bounty-reward ↗Sourced from
slowmist
Technical record
- chain
- arbitrum
- protocol
- Tender.fi
- bug_class
- oracle
- date_occurred
- 2023-03-07
- loss_usd
- $1,590,000
- source_id
- sm:tender-fi::2023-03-07
Related — same bug class· oracle