This story is updated with new information to reflect the fact that the white hacker has since returned the funds to Tender.fi.

An ethical hacker has drained $1.59 million from the decentralized finance (DeFi) lending platform Tender.fi, leading the service to halt borrowing while it attempts to recoup its assets.

Web3-focused smart contract auditor CertiK, and blockchain analyst Lookonchain, flagged an exploit that saw funds drained from the DeFi lending protocol on March 7. Tender.fi confirmed the incident on Twitter, citing “an unusual amount of borrows” through the protocol:

A white hat hacker that carried out the exploit made contact with Tender.fi in the hours after the incident to open discussions about returning funds that were siphoned through the exploit. White hat hackers are also known as ethical hackers and typically look for and take advantage of security flaws in different protocols before returning funds.

Cointelegraph reached out to CertiK to unpack the situation, which highlighted that the exploiter left an on-chain message which has been verified on the Arbitrum Blockchain Explorer:

The input data reads: “It looks like your oracle was misconfigured. contact me to sort this out.”

Lookonchain provided further details of the exploit, citing blockchain data showing that the white hat hacker borrowed $1.59 million worth of assets from the protocol by depositing 1 GMX token, valued at $71 at the time of writing.

Related: $700,000 drained from BNB Chain-based DeFi protocol LaunchZone

Tender.fi has since confirmed that the white hat hacker has returned the funds that were siphoned from the protocol in the exploit, getting a $97,000 bounty reward.

DeFi protocols have been the target of hackers in early 2023, with seven different platforms losing over $21 million in February alone. Hackers also took advantage of an oracle exploit in Jan. 2023, seeing over $120 million stolen from BonqDAO.