TL;DR:
The decentralized dark pools protocol Renegade was attacked on Sunday by a white hat hacker who withdrew 27 ERC-20 tokens from its V1 pool on the Arbitrum network, valued at approximately $209,000 according to blockchain security platform Blockaid, which detected the incident at 8:27 UTC. In less than 45 minutes, the hacker returned nearly $190,000 to the Arbitrum address “0xE4A…5CFBE”, which included $84,370 in USDC, $27,885 in wrapped Bitcoin and $23,950 in wrapped Eth.
The attack was possible because the deployment code did not assign an explicit owner to the smart contract, and a faulty migration in the April 2025 software update allowed anyone to overwrite the contract linked to the V1 pool. The hacker injected malicious logic into a defective function to carry out the theft.
Renegade responded to the incident by sending an onchain message in which it offered the hacker 10% of the funds as a bounty in exchange for the return of the remaining 90%, also warning them of potential civil or criminal action if the agreement was not honored.
The hacker complied and justified their actions in a response also recorded on-chain: “Although I understand that what I did was not ethical, in the current context of DeFi cybersecurity, I believe this was the best solution to protect users’ funds.” They also pointed out that the exploited vulnerability was “too simple and severe“, urging the team to strengthen its security measures. The hacker added that actors such as North Korean hackers “would never come to negotiate.”
The protocol confirmed that only 7% of its trading volume was processed through the affected V1 pool, meaning the operational impact was limited. Renegade committed to contacting affected users directly, compensating them in full and publishing a complete forensic analysis of the incident. Dark pools are private trading platforms designed to execute large transactions without exposing participants’ intentions to the broader market, which makes them sensitive infrastructure within the DeFi ecosystem.
