DeFi Platform Sentiment’s Hacker Returns Funds After $1M Exploit
Three of four recent DeFi hacks have seen funds returned for bounties in a new trend. Sentiment, the DeFi protocol on the Arbitrum layer-2 network, is the latest DeFi platform getting its funds back after being exploited for $1 million on Tuesday, April 4th.
The official Twitter handle of Sentiment announced on Thursday, April 6th, that negotiations with the exploiter had been successful and that 90% of the stolen funds would be returned. The news came after Sentiment offered a $95K bounty to the hacker, or to anyone who helped find the exploiter.
After successful negotiations with the exploiter, 90% of hacked funds have been returned as agreed. A full statement will follow in the coming hours.
— Sentiment (@sentimentxyz) April 6, 2023
Sentiment Hack and Negotiations
On April 5th, the Sentiment team announced that it had noticed abnormal borrowing activity around 6:00 pm UTC on April 4th and had immediately paused the main contract to prevent further loss.
A status update on the current situation: At approximately 06:00:00 PM +UTC The Sentiment team became aware of abnormal borrowing activity which has now been declared as a malicious exploit.
— Sentiment (@sentimentxyz) April 5, 2023
According to the blockchain security firm PeckShield, the attacker exploited a read-only reentrancy bug in Balancer, a liquidity protocol that Sentiment integrates with, to manipulate pool balances and overcollateralize their loans on the protocol. The attacker then used flash loans to borrow and liquidate large amounts of tokens from the exploited DeFi platform, pocketing nearly $1 million.
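The mechanism PeckShield describes is a pool view function (an LP-token rate) that is read while the pool is still in the middle of an operation, so the value it returns does not reflect the settled state. The following is an added, simplified Python model of that failure mode, not Sentiment's or Balancer's code and not an exploit script: the `Pool`, `Lender`, the `in_exit` flag and the `on_transfer` callback are all constructed for illustration. It shows a lender that prices LP collateral from the pool's rate during the pool's own transfer callback, beside a lender that refuses to price collateral while the pool is mid-operation (the toy analogue of the integrator check Balancer published, which probes the Vault's reentrancy guard before trusting a rate).

```python
"""Toy model of read-only reentrancy against an LP-token price feed.

Added example for illustration only; the pool accounting order, the
lender and the callback hook are constructed, not taken from any real
protocol.
"""

from typing import Callable, Dict, Optional


class Pool:
    """Single-asset pool that issues LP tokens against a reserve."""

    def __init__(self, reserve: float, lp_supply: float) -> None:
        self.reserve = reserve
        self.lp_supply = lp_supply
        # Set while an exit is in progress; a real reentrancy guard would
        # revert on a nested state-changing call but not on a view call.
        self.in_exit = False

    def rate(self) -> float:
        """View function: reserve units backing one LP token."""
        return self.reserve / self.lp_supply

    def exit(self, lp_amount: float, on_transfer: Callable[[float], None]) -> float:
        """Redeem LP tokens for reserve.

        Accounting order (constructed to show the bug): LP supply is burned
        first, the payout is handed to the recipient (control leaves the
        pool here), and only then is the reserve reduced. Between the burn
        and the reserve update, rate() is inflated.
        """
        self.in_exit = True
        payout = self.reserve * lp_amount / self.lp_supply
        self.lp_supply -= lp_amount      # supply reduced...
        on_transfer(payout)              # ...recipient code runs here...
        self.reserve -= payout           # ...reserve reduced only afterwards
        self.in_exit = False
        return payout


class Lender:
    """Lending market that values LP-token collateral with pool.rate()."""

    def __init__(self, pool: Pool, guarded: bool) -> None:
        self.pool = pool
        self.guarded = guarded

    def collateral_value(self, lp_collateral: float) -> float:
        # Hardened form: refuse to price collateral while the pool is mid
        # operation, since its view functions are not consistent then.
        if self.guarded and self.pool.in_exit:
            raise RuntimeError("pool is mid-operation; rate() is not trustworthy")
        return lp_collateral * self.pool.rate()


def observe_during_exit(guarded: bool) -> Dict[str, Optional[float]]:
    """Value 100 LP tokens during an exit callback and again after it settles."""
    pool = Pool(reserve=1000.0, lp_supply=1000.0)   # rate() == 1.0 at rest
    lender = Lender(pool, guarded=guarded)
    seen: Dict[str, Optional[float]] = {}

    def hook(_payout: float) -> None:
        # Code running inside the pool's transfer callback.
        try:
            seen["during"] = lender.collateral_value(100.0)
        except RuntimeError:
            seen["during"] = None   # guarded lender declines to quote

    pool.exit(500.0, hook)                       # half the supply exits
    seen["after"] = lender.collateral_value(100.0)
    return seen


if __name__ == "__main__":
    # Unguarded lender sees 100 LP worth 200.0 mid-exit, 100.0 once settled.
    print("unguarded:", observe_during_exit(guarded=False))
    # Guarded lender refuses mid-exit and sees 100.0 once settled.
    print("guarded:  ", observe_during_exit(guarded=True))
```

The point for integrators is that a reentrancy guard on the pool protects the pool's own state-changing calls but says nothing about the consistency of its view functions while it is mid-operation; any contract that prices assets from such a view needs its own check that the pool is not in that state. In monitoring terms, a collateral valuation that occurs within the same transaction as a pool join or exit touching the same LP token is the pattern worth alerting on.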
The team quickly patched the vulnerability with the help of third-party security services. Once the initial measures were complete, the team attempted to contact the exploiter for negotiations.
Sentiment offered the exploiter a $95K bounty and a commitment not to pursue the incident further. In a message to the hacker, the protocol wrote:
“To the hacker: We will offer you $95k and will not pursue this, if you return the money by 8 am UTC on April 6th. To everyone else: if the hacker has not returned the funds by the above time, we will give any person that same $95k if you help us find and prosecute the person responsible for this theft.”
Early on Thursday, April 6th, the Sentiment team announced that negotiations had been successful and the hacker had returned 90% of the funds. The team wrote:
“After successful negotiations with the exploiter, 90% of hacked funds have been returned as agreed. A full statement will follow in the coming hours.”
PeckShield confirmed that the exploiter had returned most of the funds to wallets controlled by the Sentiment team. The nature and details of the tokens involved in this incident are yet to be known; the upcoming statement might unveil this information.
It seems @sentimentxyz exploiter has returned the majority of stolen funds. Currently the returned funds are managed with a 2-3 multisig, presumably controlled by the team: https://t.co/bwmLf9zgMV
— PeckShield Inc. (@peckshield) April 5, 2023
Hacks have become the norm in the DeFi space. However, this week has been unusual in that three recent hacks have seen funds returned for bounties. Euler Finance recently recovered the $197 million stolen in its March 13th exploit. In the same vein, the cross-chain DeFi bridge Allbridge has also been able to recover 1,500 BNB, or roughly $465,000, of the $570,000 loot.