- A whitehat Hacker returned roughly $190,000 to the Renegade protocol after exploiting a vulnerability in its Arbitrum-based decentralized dark pool.
- The hacker was offered a 10% “whitehat bounty” in an onchain message that also warned of potential legal action if funds were not returned.
- The exploit stemmed from a faulty software update that allowed anyone to rewrite the smart contract for the V1 Arbitrum dark pool.
- Renegade confirmed it will fully compensate affected users, noting only a small number were impacted by the incident.
A whitehat hacker has returned approximately $190,000 to the Renegade.fi protocol after exploiting one of its decentralized dark pools on the Arbitrum network, confirmed by the team on Sunday. The incident, which involved injecting malicious logic into a faulty function, was initially flagged by blockchain analytics platform Blockaid after a $209,000 theft of 27 different tokens. Consequently, Renegade responded by sending an onchain message with specific instructions for the hacker.
The protocol asked for 90% of the funds to be returned, offering the remaining 10% as a bounty to avoid potential civil or criminal action. Data from Arbiscan shows the whitehat returned the funds, including $84,370 in USDC, to a designated wallet within 45 minutes. In a response, the hacker stated, “I believe this was the best solution to protect users’ funds and ensure their safety.”
However, the hacker also criticized the protocol’s security, calling the exploited vulnerability “tooooo simple and bad.” Renegade explained the issue resulted from a failed deployment code and a faulty migration in an April 2025 software update. This failure enabled unauthorized rewriting of the smart contract for its V1 Arbitrum dark pool.
Meanwhile, initiatives like the Security Alliance’s Safe Harbor framework aim to legally protect whitehat Hackers who secure funds. The protocol stated it will publish a full post-mortem analysis of the security incident. Renegade also assured it would fully compensate the small number of affected users, as only 7% of its trading volume used the compromised V1 pool.
✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.
