Best crypto insights delivered straight to your inbox.
Ink Finance and Renegade exploited for $349K as DeFi hacks spill into May
- Ink Finance’s Polygon treasury contract was drained for roughly $140K after an attacker exploited a whitelisted claimer setup.
- Renegade’s legacy V1 deployment on Arbitrum lost about $209K, though a white hat reportedly recovered and returned most of the funds.
- The incidents add to a growing wave of DeFi attacks following the recent Syndicate Labs bridge exploit and April’s record smart contract losses.
Two DeFi protocols, Ink Finance and Renegade, have lost a combined $349,000 in separate exploits that occurred in less than two days.
Renegade, which raised around $3.4 million in a 2023 seed round led by Dragongly Capital, currently holds over $129,500 in total value locked across its Base and Arbitrum deployments, according to DefiLlama. The protocol held over $338,000 before the hack.
Ink Finance has not acknowledged or released any public statements on the exploit.
The latest exploits are being seen as an extension of the streak of attacks that made April 2026 the worst month on record for smart contract losses.
Ink Finance and Renegade suffer exploits
Ink Finance’s exploit was flagged by blockchain security firm Blockaid on May 11. According to Blockaid, the attacker drained approximately $140,000 from the protocol’s Workspace Treasury Proxy contract on Polygon.
The bad actors deployed a contract at an address matching a whitelisted claimer entry in Ink Finance’s Workspace controller, then called the claim function to pass the eligibility check and trigger an authorized transfer from the treasury proxy.
Renegade, the dark pool DEX, suffered its own exploit the previous day, May 10. Confirming a post by Blockaid, the protocol stated that a legacy V1 deployment on Arbitrum was exploited for approximately $209,000.
It informed the public that the white hat has already returned around $190k and added that all affected users will be made whole.
Renegade confirmed that the vulnerability was isolated to the V1 Arbitrum deployment and did not affect its other contracts.
Syndicate bridge losses add to the toll
The two exploits follow a string of incidents that began in late April. On April 30, Syndicate Labs announced it had suffered a security incident. This was a private key compromise that enabled malicious upgrades to bridge contracts on two chains, and resulted in the loss of around 18.5 million SYND tokens and $50,000 in other tokens.
On May 10, Syndicate stated that it had reimbursed all affected SYND holders on Commons Chain in full, plus an additional 15% of the total amount lost. The reimbursements were sent directly to affected wallets on Base, with gas fees covered by Syndicate Labs.
AI-assisted attacks raise the stakes
DeFi exploits are on the rise at a pace never seen before. There is growing evidence that AI tools are being leveraged to lower the barrier for attackers.
An a16z Crypto research discovered that an off-the-shelf AI coding agent, given only a contract address and basic developer tools, could independently identify and exploit smart contract vulnerabilities 10% of the time. The success rate went up seven times to 70% when the agent was provided with structured knowledge about common attack patterns.
GoPlus Security reportedly flagged four separate smart contract exploits on Ethereum mainnet within a 48-hour window ending April 29, with combined losses exceeding $1.5 million, per the same report. The firm sees the current pace of AI-assisted attacks as a “countdown-by-the-second era.”
Still letting the bank keep the best part? Watch our free video on being your own bank.
FAQs
How much did the Ink Finance exploit cost?
Blockaid reported approximately $140,000 was drained from Ink Finance's Workspace Treasury Proxy on Polygon on May 11, after an attacker deployed a contract matching a whitelisted claimer address to pass the eligibility check.
Were Renegade users compensated after the exploit?
Renegade said a whitehat returned roughly $190,000 of the $209,000 stolen from its legacy V1 Arbitrum deployment, and the protocol confirmed all affected users would be made whole.
How are AI tools contributing to DeFi exploits?
Research from a16z crypto found that AI coding agents given structured knowledge about common attack patterns could exploit smart contract vulnerabilities 70% of the time, up from 10% with only basic tools.
Disclaimer. The information provided is not trading advice. Cryptopolitan.com holds no liability for any investments made based on the information provided on this page. We strongly recommend independent research and/or consultation with a qualified professional before making any investment decisions.
CRASH COURSE
- Which cryptocurrencies can make you money
- How to boost your security with a wallet (and which ones are actually worth using)
- Little-known investment strategies that the pros use
- How to get started investing in crypto (which exchanges to use, the best crypto to buy etc)