Whitehat returns $190K after Renegade Arbitrum exploit

A whitehat returned about $190,000 to Renegade after exploiting a faulty function in the protocol’s V1 Arbitrum dark pool. Blockchain analytics firm Blockaid flagged the activity at 8:27 a.m. UTC after roughly $209,000 in assets moved, and Renegade posted an onchain message requesting 90% of the funds be returned within 45 minutes.

Arbiscan records show the returned assets were sent to an Arbitrum address labeled “0xE4A…5CFBE” and included about $84,370 in USDC, $27,885 in wrapped Bitcoin and $23,950 in wrapped Ether, together with other ERC-20 tokens. The exploit initially drained 27 different tokens before the majority of the funds were returned.

Renegade traced the flaw to a deployment script that failed to assign an explicit owner and to a faulty migration introduced in an April 2025 software update. Those errors allowed anyone to rewrite the smart contract that governed the V1 Arbitrum dark pool. Dark pools are private trading venues that allow large trades to execute without immediately revealing trade details to the wider market.

In its onchain message, Renegade asked the actor to return 90% of the funds and to keep 10% as a whitehat bounty to avoid potential civil or criminal action. The whitehat transferred more than 90% of the assets back within 45 minutes and responded onchain, writing that the action was “not ethical” but intended to protect users’ funds. The actor also criticized the vulnerability as “tooooo simple and bad” and warned that state-backed groups would not negotiate.

Renegade confirmed it will publish a post-mortem with a full root-cause analysis and that it will fully compensate affected users. The protocol reported that roughly 7% of its trading volume flowed through the V1 Arbitrum dark pool and that it will contact the small number of impacted users directly. No decision to pursue legal action against the individual who returned the funds has been announced.