The staff behind the Renegade.fi protocol stated a whitehat hacker returned about $190,000 after exploiting considered one of its Arbitrum-based decentralized darkish swimming pools and later complying with directions in an onchain message to return 90% of the funds.
Renegade confirmed the return of funds on Sunday after blockchain analytics platform Blockaid flagged the $209,000 exploit at 8:27 am UTC. The hacker injected malicious logic right into a defective operate tied to its V1 Arbitrum darkish pool to steal 27 ERC-20 tokens.
Knowledge from Arbitrum block explorer Arbiscan exhibits that the whitehat returned about $190,000 to the Arbitrum pockets handle “0xE4A…5CFBE,” which incorporates $84,370 value of USDC (USDC), $27,885 in wrapped Bitcoin and $23,950 in wrapped Ether.
Supply: Renegade
White hat hackers have come to play a vital function within the struggle towards exploiters who proceed to use crypto protocols regardless of strengthened safety measures in recent times.
Trade initiatives just like the crypto safety nonprofit Safety Alliance’s Secure Harbor framework have been set as much as allow white hats to steal funds for momentary safekeeping whereas being legally protected.
In an onchain message, Renegade requested the hacker to return 90% of the funds and preserve the remaining 10% as a “whitehat bounty” to keep away from going through potential “civil or felony motion.”
The onchain message that Renegade despatched to the hacker. Supply: Arbiscan
The white hat hacker despatched greater than 90% of the stolen funds again inside 45 minutes and stated in response to the onchain message that the motion was taken to guard DeFi customers:
“I’ve seen a number of contempt towards my actions. Though I perceive that what I did was not moral, within the present DeFi cybersecurity, I imagine this was the perfect resolution to guard customers’ funds and guarantee their security.”
The white hat hacker additionally hinted that Renegade ought to tighten up its safety measures, stating that the vulnerability exploited was “tooooo easy and dangerous.”
Associated: Crypto hackers stole $17B over previous 10 years: DefiLlama
North Korean state-backed hackers “would by no means come to barter,” they added.
Renegade stated the exploit appeared to have resulted from the deployment code failing to assign an express proprietor and from a defective migration in an April 2025 software program replace, enabling anybody to rewrite the good contract tied to its V1 Arbitrum darkish pool.
Darkish swimming pools are personal buying and selling platforms that permit giant trades to happen with out exposing their intentions to, or impacting, the broader market.
Renegade added that it might publish a autopsy with a “full root-cause evaluation” explaining the safety incident.
Renegade stated it might totally compensate affected customers, and that solely 7% of its buying and selling quantity was channeled by the V1 Arbitrum darkish pool and that it might contact the “small variety of affected customers instantly.”
Journal: AI-driven hacks may kill DeFi — until tasks act now
