Image credit: Shutterstock
Renegade recovered about $190,000 after a whitehat hacker exploited its legacy V1 Arbitrum dark pool and returned most of the funds shortly after an on-chain bounty message. The exploit drained roughly $209,000 from Renegade’s legacy V1 deployment on Arbitrum.
The protocol later sent an on-chain message asking the hacker to return 90% of the funds in exchange for a bounty and legal assurances. The hacker complied soon after, leaving about 10% of the funds as a whitehat bounty.
$209K Exploit Ends With 90% Fund Return
Renegade said the returned funds accounted for more than 90% of the stolen assets. The remaining amount was treated as a bounty after the hacker followed the protocol’s instructions.
The hacker said the action was taken to protect users’ funds and DeFi users, according to reports on the incident. The exploit was still unauthorized, even though most of the funds were returned quickly.
April 2025 Migration Opened V1 Contract Flaw
Renegade later said the exploit appeared to involve two problems in its deployment process. One issue was code that failed to assign a clear owner to the smart contract. The other was a faulty migration tied to an April 2025 software update.
Those weaknesses allowed unauthorized changes to the affected contract and created the opening used to remove funds. Renegade said the impacted deployment was a legacy V1 contract on Arbitrum, not a broader compromise of the newer protocol.
Renegade Says Affected Users Will be Repaid
Renegade said affected users will be made whole after the recovery. The quick return limited the immediate financial damage, but the incident still puts focus on deployment controls, upgrade procedures and monitoring for older contracts.
The case also shows how on-chain negotiation can help contain some exploits before assets move through mixers, bridges or centralized exchanges.
For Renegade, the main outcome is that most of the funds were recovered, and users are expected to avoid losses. The next step is the protocol’s full postmortem and direct outreach to the small number of affected users.
