The hacker who exploited the Sentiment DeFi platform has returned nearly all of the funds, according to the team. This is yet another occasion when the exploiter has returned funds.
The hacker behind the Sentiment attack has returned 90% of all funds, the team announced on April 6. The Sentiment hacker had conducted the exploit on April 4, stealing an estimated amount of nearly $1 million.
The hacker used a reentrancy attack to siphon the funds. The team quickly responded, plugging a fix thanks to a third-party security auditor. The specific method was described as “used view re-entrance Balancer bug to execute malicious code before pool balances were updated and steal money using overpriced collateral.”
There are not many more details on the return of the funds yet. The Sentiment team has confirmed that it will publish a full statement in a few hours, which should give the crypto community more information on what transpired. As it stands, the team’s successful negotiation with the hacker has resulted in offering 10% as a bounty.
This hasn’t been confirmed, but it appears that way, given recent trends concerning security incidents. PeckShield reported that a two or three multi-sig wallet manages the returned funds. More interestingly, it appears that the bounty value is about $98,000 to Tornado Cash.
The Sentiment team quickly attempted to reach out to the hacker to negotiate a return of the funds. Reports emerged that the team was willing to offer a bounty close to $100,000, and it seems to be that way. The team had also published a bounty on ImmuneFi.
The team was firm in its position, telling the hacker the following,
“To the hacker: We will offer you $95k and will not pursue this, if you return the money by 8 am UTC 6 April. To everyone else: if the hacker has not returned the funds by the above time, we will give any person that same $95k if you help us find and prosecute the person responsible for this theft.”
Returning Stolen Funds for Bounty a New Trend?
Hacks are all too common in the DeFi space, with the Sentiment hacker only adding to what is already a long list. However, what has been particularly interesting is that many hackers have been returning funds for bounties in recent weeks. Three of four recent hacks have seen funds returned for bounties.
Euler Finance, a $197 million hack, was one of them. The team successfully negotiated the return of the funds, which led to the EUL token price recovering.
The other incident was the Allbridge hack, with the team stating that it had recovered 1,500 BNB from the attacker. Allbridge identified the hacker in a day.
Disclaimer
In adherence to the Trust Project guidelines, BeInCrypto is committed to unbiased, transparent reporting. This news article aims to provide accurate, timely information. However, readers are advised to verify facts independently and consult with a professional before making any decisions based on this content.
Source: https://beincrypto.com/defi-trend-sentiment-hacker-returns-90-stolen-funds-exploit/