Date: 2023-04-06

In a surprising turn of events, Sentiment, a lending protocol, has managed to recover the stolen funds from a recent hack by offering the hacker a bounty worth $95,000. The protocol sent a message to the hacker in an on-chain transaction on the Arbitrum blockchain, urging them to “do the right thing” and return the funds by April 6. In addition, if the hacker failed to comply, Sentiment offered the same amount of money to anyone who could help find and prosecute the culprit.

On-chain message from Sentiment to the hacker. Source: Arbiscan

MetaMask developer Taylor Monahan tracked the progress and confirmed that the hacker had returned 414 ETH (worth around $771,000) in an initial transaction, with an additional 51.75 ETH later returned to the Sentiment recovery address. The lending protocol subsequently confirmed the return of the funds.

The hack occurred on April 4, and while some on-chain sleuths suggested that it may have been a reentrancy attack, others believed that it was due to a bug. Initial estimates of the lost funds were around $500,000, but community members later confirmed that the losses were closer to $1 million. There is no doubt that the incident has sparked a debate on bug bounties, with some community members praising the hacker for “taking it by force,” while others describe the incident as “a bug bounty with a criminal step” and call for larger and more transparent bug bounties from companies.

Hackers are redefining bounty programs. Why take smol bounty when big bounty better. — ru (@ru_defi) April 6, 2023

The Sentiment hack resembles the recent Euler Finance hack, in which the Ethereum protocol convinced a hacker to return around 90% of the stolen funds after offering a bounty. The hacker returned around $176.4 million in digital assets while keeping almost $20 million. These incidents highlight the importance of proactive security measures and the need for companies to take bug bounties seriously.