After Whitehat kidnaps them, he returns $190,000 to Renegade
The team behind the Renegade.fi protocol recovered $190,000 after a whitehat hacker used one of its arbitrage-based decentralized dark pools and followed instructions in an onchain message to return 90% of its funds.
Renegade confirmed the refund on Sunday, blockchain analytics platform Blockaid pointed to the $209,000 exploit at 8:27 am UTC. The hacker used malicious logic tied to the V1 Arbitrum dark pool to steal 27 ERC-20 tokens.
Data from Arbitrum block explorer Arbiscan shows that Whitehat returned about $190,000 to Arbittrum wallet address “0xE4A…5CFBE”, which is $84,370 worth of USDC (USDC), $27,885 in wrapped Bitcoin and $23,950 in wrapped Ether.
Source: Renegade
White hat hackers have played a vital role in the fight against exploiters who continue to exploit crypto protocols in recent years, despite strengthened security measures.
As a crypto security non-profit, the Security Alliance Safe Harbor framework was established to protect white hats from stealing money for temporary protection while being legally protected.
In an onchain message, Renegade demanded that the hacker return 90% of the money and keep the remaining 10% as a “white bounty” to avoid “civil or criminal action.”
Renegade's onchain message to the hacker. Source: Arbiscan
The white hat hacker recovered more than 90% of the stolen funds within 45 minutes and responded to an OnChain message saying that the move was made to protect DeFi users:
“I have seen a lot of disdain for my actions. Although I understand that what I did was unethical, I believe that with the current state of DeFi's cybersecurity, this is the best solution to protect users' money and ensure their safety.”
The white hat hacker hinted that Renegade needs to strengthen its security measures, describing the exploited vulnerability as “very simple and bad”.
Related: Crypto Hackers Steal $17 Billion Over Last 10 Years: Defillama
North Korean government-sponsored hackers “will never come to negotiate,” he added.
According to Renegade, the exploit appears to have been created by not assigning a clear owner to the deployment code and a faulty migration in the April 2025 software update, which would have allowed anyone to rewrite the modern contract associated with V1 Arbitrum's dark pool.
Dark pools are private trading platforms that allow large trades to take place without revealing their intentions or affecting the wider market.
Renegade added that it will publish a post-mortem with a “full root-cause analysis” explaining the security incident.
Renegade says it fully reimburses affected users, and that only 7% of its transaction volume is channeled through the V1 Arbitrum dark pool, and that it “contacts the affected minority users directly.”
Magazine: AI-Driven Hacks Could Kill DeFi – Unless Projects Act Now
