The bounty offered via on-chain messages was around $97,000, or 6% of the amount raised for the exploit.

The hacker behind the decentralized finance lending platform Tender.fi has returned the stolen funds and received a $97,000 ETH bounty

Ethereum

The exploit was executed at 10:28am UTC on March 7, and Tender.fi confirmed the incident on Twitter shortly after, saying that “borrowing amounts were abnormal,” adding that it had paused all borrowing.

Blockchain data shows that by exploiting the price oracle glitch, $1.59 million worth of assets were borrowed from the protocol by depositing 1 GMX token (worth about $71).

“It looks like your oracle is misconfigured. Contact me to resolve this,” the hacker wrote in an on-chain message.

Eight hours later, the DeFi protocol announced that it had reached an agreement with the “white hat” attacker, under which the hacker would repay all loans minus a 62.16 ETH “bounty,” worth approximately $97,000 at current prices.

An hour later, Tender.fi confirmed on Twitter that the exploiter had completed loan repayment.

“Fund officially Sappho, en route to autopsy,” it read.

Related: DeFi lender Tender.fi attacked, white hat hackers suspected

Last August, the cross-chain Nomad Bridge attracted developers involved in a smart contract exploit that extracted $190 million in funds from the bridge in less than three hours.

Just a few hours later, approximately $32.6 million in funds had been returned, suggesting that some of the exploiters may have been white hat hackers trying to extract funds for safe return at a later date.

Later this month, non-fungible token company Metagame is even offering a “white hat bounty” in the form of an NFT to anyone who proves they’ve returned at least 90% of the funds stolen from the protocol.

Blockchain data from the official Nomad Funds Recovery Address shows that funds have since continued to be returned to the recovery address, with the latest transaction recorded on February 18 for $7,868 in Covalent Query Tokens (CQT).