{"id":28119,"date":"2026-05-11T07:22:25","date_gmt":"2026-05-11T07:22:25","guid":{"rendered":"https:\/\/bitunikey.com\/news\/renegade-recovers-190k-after-whitehat-returns-stolen-crypto\/"},"modified":"2026-05-11T07:22:49","modified_gmt":"2026-05-11T07:22:49","slug":"renegade-recovers-190k-after-whitehat-returns-stolen-crypto","status":"publish","type":"post","link":"https:\/\/bitunikey.com\/news\/renegade-recovers-190k-after-whitehat-returns-stolen-crypto\/","title":{"rendered":"Renegade recovers $190K after whitehat returns stolen crypto"},"content":{"rendered":"<p><\/p>\n<div class=\"post-detail__content blocks\">\n<p>Renegade.fi has recovered about $190,000 after a whitehat hacker exploited a vulnerability in one of its Arbitrum-based dark pools and later returned more than 90% of the stolen assets.<\/p>\n<div id=\"cn-block-summary-block_14d929f17ea6ff56bc43a1c20d1cc3bf\" class=\"cn-block-summary\">\n<div class=\"cn-block-summary__nav tabs\">\n        <span class=\"tabs__item is-selected\">Summary<\/span>\n    <\/div>\n<div class=\"cn-block-summary__content\">\n<ul class=\"wp-block-list\">\n<li>Renegade recovered about $190,000 after a white hat hacker returned more than 90% of the stolen funds.<\/li>\n<li>The exploit targeted a faulty function tied to Renegade\u2019s V1 Arbitrum dark pool.<\/li>\n<\/ul><\/div>\n<\/div>\n<p><!-- .cn-block-summary --><\/p>\n<p>Blockchain security firm Blockaid <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/x.com\/blockaid_\/status\/2053395937708384587\" target=\"_blank\" rel=\"nofollow\">said<\/a> the exploit drained roughly $209,000 from Renegade\u2019s V1 Arbitrum dark pool at 8:27 am UTC on Sunday after an attacker injected malicious logic into a faulty function tied to the protocol\u2019s resolver infrastructure.\u00a0<\/p>\n<p>Arbiscan data showed that about $190,000 was later sent back to the wallet address \u201c0xE4A\u20265CFBE,\u201d including $84,370 in USDC (USDC), $27,885 in wrapped Bitcoin, and $23,950 in wrapped Ether.<\/p>\n<p>In an on-chain message sent after the attack, Renegade <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/arbiscan.io\/idm?addresses=0xf4c75938e590d9095939001e17c67ad86f243d8a,0x777253f28adc29645152b7b41be5c772a9657777&amp;type=1\" target=\"_blank\" rel=\"nofollow\">offered<\/a> the exploiter a 10% \u201cwhitehat bounty\u201d in exchange for returning the remaining funds and warned that failure to cooperate could expose them to potential \u201ccivil or criminal action.\u201d Within 45 minutes, the attacker transferred back more than 90% of the assets.<\/p>\n<p>\u201cI\u2019ve seen a lot of contempt toward my actions,\u201d the whitehat wrote in a response shared onchain.\u00a0<\/p>\n<p>\u201cAlthough I understand that what I did was not ethical, in the current DeFi cybersecurity, I believe this was the best solution to protect users\u2019 funds and ensure their safety.\u201d<\/p>\n<p>Another message from the exploiter said the vulnerability was \u201ctooooo simple and bad,\u201d while also claiming that North Korean-linked hackers \u201cwould never come to negotiate.\u201d<\/p>\n<h2 class=\"wp-block-heading\">Faulty migration exposed Arbitrum dark pool<\/h2>\n<p>Renegade has <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/x.com\/renegade_fi\/status\/2053531772634427599\" target=\"_blank\" rel=\"nofollow\">confirmed<\/a> that the incident stemmed from deployment code that failed to assign an explicit owner to the contract, combined with a faulty migration introduced during an April 2025 software update.\u00a0<\/p>\n<p>    <!-- .cn-block-related-link --><\/p>\n<p>According to the protocol, the flaw allowed anyone to rewrite the smart contract connected to its V1 Arbitrum dark pool.<\/p>\n<p>Dark pools allow large traders to execute transactions privately without exposing order size or direction to the open market. Renegade said only 7% of its trading activity passed through the affected V1 Arbitrum pool and added that impacted users would be compensated directly.<\/p>\n<p>A post-mortem and \u201cfull root-cause analysis\u201d are expected to be released by the protocol in the coming days.<\/p>\n<p>Recent exploits involving resolver systems, proxy contracts, and admin permissions have pushed fresh scrutiny onto DeFi infrastructure design.\u00a0<\/p>\n<p>On May 7, liquidity provider TrustedVolumes lost roughly $5.87 million after attackers targeted a custom RFQ swap proxy tied to 1inch infrastructure. Blockaid linked the attacker to the March 2025 1inch Fusion V1 exploit, although it said the newer incident relied on a separate vulnerability involving the proxy setup.<\/p>\n<p>Debate over contract risk intensified further after 1inch co-founder Sergej Kunz criticized shared-pool lending systems following the Kelp DAO rsETH exploit that disrupted liquidity on Aave.\u00a0<\/p>\n<p>Kunz argued that \u201cone weak collateral listing can affect an entire reserve\u201d and later promoted intent-based lending systems where users negotiate fixed loan terms without relying on shared liquidity pools.<\/p>\n<p>Separate reporting from crypto.news also showed that Wasabi Protocol lost more than $5 million across Ethereum, Base, Berachain, and Blast after security firms identified a compromised admin key that allowed attackers to upgrade contracts and drain funds.<\/p>\n<p>    <!-- .cn-block-related-link --><\/p>\n<\/p><\/div>\n","protected":false},"excerpt":{"rendered":"<p>Renegade.fi has recovered about $190,000 after a whitehat hacker exploited a vulnerability in one of its Arbitrum-based dark pools and later returned more than 90% of the stolen assets. Summary&hellip;<\/p>\n","protected":false},"author":1,"featured_media":11452,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-28119","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cryptocurrency"],"_links":{"self":[{"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/posts\/28119","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/comments?post=28119"}],"version-history":[{"count":1,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/posts\/28119\/revisions"}],"predecessor-version":[{"id":28120,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/posts\/28119\/revisions\/28120"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/media\/11452"}],"wp:attachment":[{"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/media?parent=28119"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/categories?post=28119"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/tags?post=28119"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}