Bounty Offer and Successful Recovery
Sentiment was able to recover the stolen funds by offering a $95,000 bounty to the hacker.
After successful negotiations with the exploiter, 90% of hacked funds have been returned as agreed. A full statement will follow in the coming hours.
— Sentiment (@sentimentxyz) April 6, 2023
In an on-chain message on the Arbitrum blockchain, the lending protocol urged the hacker to “do the right thing” and return the stolen assets by April 6. They also offered the same amount to anyone who could help locate and prosecute the culprit if the hacker failed to return the funds.
MetaMask developer Taylor Monahan monitored the situation and reported that the hacker returned 414 Ether (ETH), equivalent to about $771,000, in an initial transaction. Later, another 51.75 ETH was sent to Sentiment’s recovery address. The lending protocol confirmed receipt of the funds following these transactions.
Details of the Hack
The hack occurred on April 4. On-chain analysts speculated that it may have been a reentrancy attack or the exploitation of a bug. Initial estimates of the stolen funds were around $500,000, but community members later confirmed the losses were closer to $1 million.
Debate Over Bug Bounties
One community member argued that the incident highlights the need for companies to take bug bounties more seriously, commending the hacker for “taking it by force.” Another Twitter user described the situation as “a bug bounty with a criminal step” and urged companies to offer larger, more transparent bounties.
Similarities with Euler Finance Hack
The Sentiment incident bears resemblance to the recent Euler Finance hack. On April 4, the Ethereum protocol persuaded a hacker to return around 90% of the stolen funds after offering a bounty. The hacker returned approximately $176.4 million in digital assets, keeping nearly $20 million for themselves.
How much did Sentiment recover from the hacker?
Sentiment successfully recovered $870,000 worth of stolen funds, which accounts for 90% of the assets taken during the recent hack.
How did Sentiment recover the stolen funds?
The lending protocol offered a $95,000 bounty to the hacker for the return of the stolen assets. They also offered the same amount to anyone who could help locate and prosecute the culprit if the hacker failed to return the funds.
What type of attack was used in the hack?
On-chain analysts suggested that the attack may have been a reentrancy attack or an exploitation of a bug. The exact method remains unconfirmed.
What was the initial estimate of the stolen funds?
Initial estimates of the stolen funds were around $500,000. However, community members later confirmed that the losses were closer to $1 million.
How does this incident relate to bug bounties?
Some community members argue that this incident highlights the importance of companies taking bug bounties more seriously, and urge larger and more transparent bounties to encourage responsible disclosure of security vulnerabilities.
What other recent hack has similarities to the Sentiment incident?
The Sentiment incident is similar to the recent Euler Finance hack, where the Ethereum protocol convinced a hacker to return around 90% of the stolen funds after offering a bounty.