The perpetrator behind the $14.5 million exploit carried out on DeFi platform Team Finance has started returning his loot, indicating that this was a white hat attack.
Team Finance projects get 90% of their funds
According to blockchain security firm SlowMist, the projects affected by the hack have received $7 million from the hacker so far. Projects who are confirmed to have received refunds include Tsuka (765,000 DAI), Kondux (209 ETH), $CAW (5,073,000 DAI) and FEG (548 ETH).
The hacker has identified themselves as a whitehat, i.e a hacker who identifies vulnerabilities in a software and has no malafide intentions. However, the hacker will be keeping 10% of the exploited funds as bug bounty.
As per Team Finance’s official website, all services have been restored and are running correctly.
“All user funds are unaffected and safe,” the website reads.
More on the hack
Team Finance was alerted about the hack on their platform on 27 October, which led to a loss of $14.5 million. The exploit occurred during the platform’s migration from Uniswap v2 to v3. Interestingly, the smart contract involved in the hack was previously audited.
The protocol, which has $3 billion secured over 12 blockchains, immediately suspended all activities on the platform and urged the hacker to get in touch in order to discuss a bug bounty.
Ethereum Input Data Messages (IDM) obtained from Etherscan show the plight of the users affected by this exploit. Helpless users lined up in the hacker’s chat box to request refunds. The hacker responded by clarifying that he is a white hat and plans to return the majority of the looted funds.
Data from Defi Llama revealed that Team Finance’s total value locked (TVL) plunged by as much as 14% in the hours following the hack, going from $147 million to $126.9 million. That figure has since climbed back up to $135.25 million.
Even as the month ends, bad actors in the space continue to exploit crypto-projects, cementing October’s name as Hacktober.