DeFi lending platform Sentiment has responded to a reentrancy attack that resulted in the loss of $1 million worth of crypto by offering a $95,000 bounty to the hacker or anyone with information that could help Sentiment find and prosecute the attacker.
As earlier reported by crypto.news, the hacker exploited a vulnerability in the Sentiment smart contract on the Arbitrum blockchain and repeatedly drained funds from the protocol before its state could be updated.
The Sentiment team announced the incident on Twitter on April 5 and said they had paused the main contract and restricted functionality only to allow withdrawals.
The team also confirmed that they had hired third-party security auditors to fix the issue, enable users to repay debts, and unwind their positions.
Sentiment reaches out to attacker
In an attempt to recover the stolen funds, the Sentiment team also posted a message on arbiscan.io, a block explorer for Arbitrum, offering a 10% bounty to the hacker if they return the rest of the funds.
“To the hacker: We will offer you $95k and will not pursue this, if you return the money by 8 am UTC 6 April. To everyone else: if the hacker has not returned the funds by the above time, we will give any person that same $95k if you help us find and prosecute the person responsible for this theft.”
Sentiment, message to hacker.
By the time of going to press, Sentiment had yet to indicate whether the hacker had responded to the message or contacted the platform.
The Sentiment hack is the latest in a series of attacks on DeFi platforms that have exposed the risks and challenges of decentralized finance. The DeFi market has seen several exploits and hacks this year, with millions of dollars worth of crypto assets stolen or lost.
Some notable incidents include the Euler Finance hack that resulted in nearly $200 million worth of losses, the Bong DAO exploit that drained $88 million worth of funds, and the Platypus Finance flash loan attack where the hacker reportedly made off with $9 million worth of crypto.