Lending protocol Sentiment has managed to recover the stolen funds from the recent hack by offering the hacker a bounty worth $95,000.
In an on-chain transaction on the Arbitrum blockchain, Sentiment sent a message to the hacker offering $95,000 if the hacker returned the funds by April 6, urging the hacker to “do the right thing.” If the hacker did not return the funds, the protocol also offered the money to anyone who could help find and prosecute the culprit.
MetaMask developer Taylor Monahan tracked the progress and highlighted that the hacker had returned 414 Ether (ETH), worth around $771,000, in an initial transaction. Eventually, the hacker returned another 51.75 ETH to the Sentiment recovery address. After the transaction, the lending protocol confirmed that they had received the funds.
The hack was performed on April 4. Some on-chain sleuths suggested that the attack may have been a reentrancy attack, while others said that the attacker relied on a bug. Initial estimates of the lost funds were around $500,000, but after a while, community members confirmed that the losses were closer to $1 million.
Meanwhile, a community member concluded that the entire fiasco is a result of companies not taking bug bounties seriously and praised the hacker’s efforts for “taking it by force.” On the other hand, another Twitter user described the incident as just “a bug bounty with a criminal step,” and urged companies to offer larger and more transparent bug bounties.
Hackers are redefining bounty programs. Why take smol bounty when big bounty better.
— ru (@ru_defi) April 6, 2023
The incident bears some similarities to the recent Euler Finance hack. On April 4, the Ethereum protocol convinced a hacker to return around 90% of the stolen funds after offering a bounty. The hacker returned around $176.4 million in digital assets while keeping almost $20 million.