Ethical Hacker Returns $190K to Renegade Protocol Following Security Breach
An ethical hacker has given back $190,000 to the Arbitrum-based dark pool protocol Renegade just hours after exploiting a vulnerability in one of its deployment smart contracts.
According to the Renegade.fi protocol's development team, an ethical hacker has returned approximately $190,000 following the exploitation of one of its decentralized dark pools on Arbitrum. The individual complied with an onchain request to give back 90% of the exploited assets.
The protocol confirmed the funds' recovery on Sunday following an alert from blockchain analytics platform Blockaid, which detected the $209,000 security breach at 8:27 am UTC. The individual exploited a vulnerability by introducing malicious code into a defective function connected to its V1 Arbitrum dark pool, successfully extracting 27 different ERC-20 tokens.
According to data available on Arbiscan, the Arbitrum blockchain explorer, the ethical hacker transferred roughly $190,000 back to the Arbitrum wallet address "0xE4A…5CFBE." The returned assets consisted of $84,370 in USDC (USDC), $27,885 worth of wrapped Bitcoin, and $23,950 in wrapped Ether.
Ethical hackers have increasingly become vital players in combating malicious actors who persistently target crypto protocols, even as security protocols have been reinforced in recent years.
Several industry-wide efforts, such as the Safe Harbor framework established by the Security Alliance, a crypto security nonprofit organization, have been created to allow ethical hackers to temporarily secure vulnerable funds while receiving legal protection.
Through an onchain communication, Renegade requested that the hacker give back 90% of the exploited assets and retain the remaining 10% as a "whitehat bounty" in order to avoid potential "civil or criminal action."
Within 45 minutes, the ethical hacker transferred back over 90% of the exploited assets and responded to the onchain communication by explaining that the action was motivated by a desire to safeguard DeFi users:
"I've seen a lot of contempt toward my actions. Although I understand that what I did was not ethical, in the current DeFi cybersecurity, I believe this was the best solution to protect users' funds and ensure their safety."
The ethical hacker further suggested that Renegade needs to strengthen its security infrastructure, noting that the exploited vulnerability was "tooooo simple and bad."
They emphasized that North Korean state-backed hackers "would never come to negotiate," they added.
According to Renegade, the security breach seems to have stemmed from deployment code that neglected to designate an explicit owner and from a defective migration during a software update in April 2025. This allowed any individual to modify the smart contract associated with its V1 Arbitrum dark pool.
Dark pools function as private trading venues that facilitate large-scale transactions without revealing their details to, or affecting, the wider market.
Renegade stated that it plans to release a post-mortem report containing a "full root-cause analysis" that will detail the security incident.
According to Renegade, it will provide full compensation to impacted users, noting that the V1 Arbitrum dark pool handled only 7% of its total trading volume and that it plans to reach out to the "small number of affected users directly."