Darius Baruo
Might 11, 2026 06:12
A whitehat hacker returned $190,000 to Renegade’s Arbitrum darkish pool after exploiting a vulnerability. Renegade guarantees compensation and a full evaluation.
A whitehat hacker has returned $190,000 to the builders of Renegade, an Arbitrum-based decentralized darkish pool protocol, simply hours after exploiting flaws in one in every of its sensible contracts. The protocol confirmed the return of funds on Might 10, following an exploit that originally netted the hacker $209,000 value of crypto property.
The breach focused Renegade’s V1 Arbitrum darkish pool, the place the attacker leveraged a defective operate to inject malicious logic and steal 27 completely different ERC-20 tokens. Blockchain analytics platform Blockaid flagged the exploit at 8:27 AM UTC. In response, Renegade communicated with the hacker by way of an onchain message, providing a ten% “whitehat bounty” in trade for the secure return of 90% of the stolen funds and a promise to keep away from authorized penalties.
Based on blockchain knowledge, the hacker complied, transferring $190,000 value of property again to Renegade’s pockets. The returned funds included $84,370 in USDC, $27,885 in wrapped Bitcoin, and $23,950 in wrapped Ether.
Of their onchain response, the hacker justified the exploit as a measure to guard DeFi customers from potential vulnerabilities, although they acknowledged the moral issues surrounding their actions. Additionally they criticized Renegade’s safety, calling the exploited vulnerability “too easy and unhealthy.”
Renegade attributes the exploit to deployment code that did not assign an specific proprietor and flaws in a migration throughout an April 2025 software program replace. These oversights allowed unauthorized people to rewrite the sensible contract governing its V1 darkish pool.
The incident highlights the continuing function of whitehat hackers in figuring out and mitigating vulnerabilities within the DeFi house. Initiatives like Safety Alliance’s Secure Harbor framework purpose to offer authorized cowl for moral hackers who briefly take management of funds for safekeeping.
Renegade has said it can publish a full autopsy evaluation to clarify the basis causes of the breach. The protocol additionally assured customers that solely 7% of its buying and selling quantity was processed by way of the compromised darkish pool and that affected customers could be totally compensated. The crew is contacting impacted customers on to resolve the incident.
Darkish swimming pools, just like the one operated by Renegade, enable giant trades to be executed privately, shielding members from market influence. Nevertheless, this case underscores the significance of sturdy safety measures in such platforms, notably as they appeal to important liquidity.
Picture supply: Shutterstock
