By offering a $95,000 bounty to the hacker, the lending protocol Sentiment was able to recover the funds taken in the recent breach.
Sentiment sent a message to the hacker via an on-chain transaction on the Arbitrum blockchain, offering $95,000 if the funds were returned by April 6 and encouraging the hacker to “do the right thing.” If the hacker did not return the funds, the protocol said it would instead offer the bounty to anyone who could assist in locating and prosecuting the perpetrator.
Taylor Monahan, a developer for MetaMask, monitored the progress and noted that the intruder had returned 414 Ether, worth approximately $771,000. The perpetrator eventually returned an additional 51.75 ETH to the Sentiment recovery address. Following the transaction, the lending protocol confirmed receipt of the funds.
The breach occurred on April 4. Some on-chain investigators hypothesized that the attack may have been a reentrancy attack, while others stated that the perpetrator exploited a vulnerability. After some time, community members verified that the losses were closer to $1 million than the initial estimates of approximately $500,000.
In the meantime, a member of the community concluded that the entire debacle was the result of corporations not taking bug bounties seriously and lauded the hacker for “taking it by force.” Another Twitter user, however, characterized the incident as “a bug bounty with a criminal step” and exhorted companies to offer larger and more transparent bug bounties.
The incident is comparable to the recent breach at Euler Finance. After offering a bounty on April 4, the Ethereum protocol convinced a hacker to return approximately 90 percent of the stolen funds. The perpetrator returned approximately $176.4 million in digital assets while retaining nearly $20 million for himself.