A Hacker Stole $209,000 From Renegade.fi and Returned 90% Within 45 Minutes. Here Is What Happened

A whitehat hacker exploited a vulnerability in Renegade.fi's V1 Arbitrum-based decentralized dark pool on Sunday, draining approximately $209,000 worth of ERC-20 tokens before returning about $190,000 within 45 minutes of receiving an onchain message from the protocol asking for restitution. Blockchain analytics platform Blockaid flagged the exploit at 8:27 AM UTC, and Renegade confirmed the return of funds the same day. The hacker injected malicious logic into a faulty function to steal 27 ERC-20 tokens, including $84,370 in USDC, $27,885 in wrapped Bitcoin, and $23,950 in wrapped Ether, among other assets.

Renegade sent an onchain message offering the hacker a 10% whitehat bounty — approximately $20,000 — to return the remaining 90% and avoid potential civil or criminal action. The hacker complied and responded with a message explaining the motivation: "I've seen a lot of contempt toward my actions. Although I understand that what I did was not ethical, in the current DeFi cybersecurity, I believe this was the best solution to protect users' funds and ensure their safety."

The hacker also delivered a pointed critique of Renegade's security posture, describing the vulnerability exploited as "tooooo simple and bad" and noting that North Korean state-backed hackers "would never come to negotiate" — an implicit warning about what could have happened if a malicious actor had found the same flaw first.

Renegade traced the root cause to two failures: deployment code that failed to assign an explicit owner to the smart contract, and a faulty migration during an April 2025 software update. Together, these allowed anyone to rewrite the contract tied to the V1 dark pool. The protocol said only 7% of its trading volume ran through the affected pool, that it would fully compensate all affected users, and that a full post-mortem with root-cause analysis would follow.

The incident resolved cleanly given the circumstances, but the hacker's parting shot about the simplicity of the vulnerability is the detail Renegade's development team should take most seriously heading into that post-mortem.