Whitehat Hacker Returns $190K to Renegade After Exploit

Darius Baruo May 11, 2026 06:12

A whitehat hacker returned $190,000 to Renegade's Arbitrum dark pool after exploiting a vulnerability. Renegade promises compensation and a full analysis.

A whitehat hacker has returned $190,000 to the developers of Renegade, an Arbitrum-based decentralized dark pool protocol, just hours after exploiting flaws in one of its smart contracts. The protocol confirmed the return of funds on May 10, following an exploit that initially netted the hacker $209,000 worth of crypto assets.

The breach targeted Renegade's V1 Arbitrum dark pool, where the attacker leveraged a faulty function to inject malicious logic and steal 27 different ERC-20 tokens. Blockchain analytics platform Blockaid flagged the exploit at 8:27 AM UTC. In response, Renegade communicated with the hacker through an onchain message, offering a 10% "whitehat bounty" in exchange for the safe return of 90% of the stolen funds and a promise to avoid legal consequences.

According to blockchain data, the hacker complied, transferring $190,000 worth of assets back to Renegade's wallet. The returned funds included $84,370 in USDC, $27,885 in wrapped Bitcoin, and $23,950 in wrapped Ether.

In their onchain response, the hacker justified the exploit as a measure to protect DeFi users from potential vulnerabilities, though they acknowledged the ethical concerns surrounding their actions. They also criticized Renegade's security, calling the exploited vulnerability "too simple and bad."

Renegade attributes the exploit to deployment code that failed to assign an explicit owner and flaws in a migration during an April 2025 software update. These oversights allowed unauthorized individuals to rewrite the smart contract governing its V1 dark pool.

The incident highlights the ongoing role of whitehat hackers in identifying and mitigating vulnerabilities in the DeFi space. Initiatives like Security Alliance's Safe Harbor framework aim to provide legal cover for ethical hackers who temporarily take control of funds for safekeeping.

Renegade has stated it will publish a full post-mortem analysis to explain the root causes of the breach. The protocol also assured users that only 7% of its trading volume was processed through the compromised dark pool and that affected users would be fully compensated. The team is contacting impacted users directly to resolve the incident.

Dark pools, like the one operated by Renegade, allow large trades to be executed privately, shielding participants from market impact. However, this case underscores the importance of robust security measures in such platforms, particularly as they attract significant liquidity.

• defi
• hacking
• arbitrum
• whitehat