A recent attack on the Renegade protocol highlights the importance of robust security measures in decentralized finance (DeFi). A white hat hacker exploited a vulnerability in the protocol's smart contract, stealing $209,000 in ERC-20 tokens from its V1 pool on Arbitrum.
The hack was detected by analytics platform Blockaid at 8:27 UTC, with the attacker withdrawing funds within minutes. However, in less than 45 minutes, the hacker returned nearly $190,000 to the Arbitrum address '0xE4A...5CFBE', which included USDC, wrapped Bitcoin, and wrapped Eth.
Renegade attributed the vulnerability to a faulty migration in its April 2025 update, which allowed anyone to overwrite the contract linked to the V1 pool. The hacker injected malicious logic into a defective function to carry out the theft.
Renegade responded to the incident by sending an on-chain message offering the hacker 10% of the funds as a bounty in exchange for the return of the remaining 90%. The hacker complied, justifying their actions as a necessary measure to protect users' funds. Renegade has promised to compensate affected users and publish a forensic analysis of the incident.