A legacy deployment of Renegade.fi’s on‑chain dark pool on Arbitrum was exploited for roughly $209,000, but the attacker quickly returned about $190,000 after the team publicly offered a 10% “whitehat bounty” and hinted at possible legal action. The incident stemmed from a vulnerable V1 Arbitrum dark pool contract whose deployment and migration process left an initializer/ownership path effectively unprotected, allowing arbitrary logic to be injected into the proxy and used to drain funds.

Blockchain security firm Blockaid first flagged the exploit at around 8:27 am UTC, noting that malicious logic had been inserted into a faulty function tied to Renegade’s V1 Arbitrum dark pool, enabling the theft of 27 ERC‑20 tokens worth about $209,000. The attacker moved assets including roughly $84,000 in USDC, $27,885 in wrapped Bitcoin (WBTC) and $23,950 in wrapped Ether (WETH) before sending back more than 90% of the funds—about $190,000—to a Renegade‑controlled Arbitrum address within roughly 45 minutes.

In an on‑chain message, Renegade told the attacker to return 90% and keep the remaining 10% as a whitehat reward to avoid potential “civil or criminal action,” an offer the attacker accepted while later criticizing the protocol’s security as “too simple and bad” in a follow‑up on‑chain response.

Renegade later attributed the root cause to deployment code that failed to assign an explicit contract owner, combined with a faulty migration introduced in an April 2025 software update, which together allowed anyone to rewrite the V1 Arbitrum dark pool contract. The team stressed that the issue was isolated to this legacy V1 Arbitrum deployment—other deployments such as V1 Base, V2 Arbitrum, and V2 Base remained unaffected—and that only about 7% of the protocol’s trading volume flowed through the compromised pool.

Renegade has suspended infrastructure for V1 Arbitrum, pledged full compensation for the small set of impacted users, and promised a detailed post‑mortem and root‑cause analysis, making the case a prominent example of how DeFi protocols increasingly rely on whitehat incentives and rapid on‑chain negotiation to contain smart‑contract incidents.

AI-generated background, compiled from web sources — not editorial content.
