What happened in the Renegade exploit?

Renegade confirmed that a whitehat hacker exploited vulnerabilities in one of its Arbitrum-based decentralised dark pools before later returning most of the stolen funds.

How much money was taken and returned?

The attacker initially stole roughly $209,000 worth of crypto assets and later returned around $190,000 after negotiations through onchain messages.

What assets were involved in the exploit?

The stolen funds included multiple ERC-20 tokens such as USDC, wrapped Bitcoin and wrapped Ethereum.

What is a whitehat hacker?

A whitehat hacker is someone who exploits vulnerabilities ethically to expose security weaknesses or protect user funds rather than steal assets permanently for personal gain.

Why did the hacker return the funds?

The hacker claimed the exploit was performed to protect users and highlight weak security practices rather than conduct a malicious theft. Renegade also offered a 10% whitehat bounty in exchange for returning the assets.

What is an Arbitrum dark pool?

A decentralised dark pool allows traders to execute large transactions privately without exposing orders publicly to the market. These systems aim to reduce market impact and front-running risks.

Why are dark pools important in crypto?

Dark pools help institutional and large-volume traders execute transactions discreetly. They are increasingly used in decentralised finance to minimise slippage and protect trading strategies.

Whitehat returns most funds after Renegade exploit

Q: What caused the Renegade vulnerability?

Renegade said the exploit resulted from deployment code that failed to assign an explicit owner combined with a faulty migration process introduced during an April 2025 software update.

Written by Brie CarterPublished May. 11 2026Last Updated May. 11 2026

Renegade said a whitehat hacker returned roughly $190,000 after exploiting vulnerabilities tied to one of the protocol’s Arbitrum-based decentralised dark pools.

Blockchain security platform Blockaid initially flagged the exploit, which reportedly involved malicious logic being injected into a faulty function linked to Renegade’s V1 Arbitrum dark pool.

The attacker stole 27 ERC-20 tokens before later returning more than 90% of the funds, including holdings denominated in USDC, wrapped Bitcoin and wrapped Ethereum.

In an onchain message, Renegade requested that the hacker return most of the assets and retain 10% as a whitehat bounty in exchange for avoiding potential legal action.

“I believe this was the best solution to protect users' funds and ensure their safety,”

The whitehat hacker responded while criticising the protocol’s weak security design.

Renegade later said the vulnerability stemmed from deployment code that failed to assign an explicit owner combined with a faulty migration process introduced during an April 2025 software update.

The protocol added that affected users would be fully compensated and noted that only around 7% of trading activity passed through the compromised V1 Arbitrum dark pool.

The incident highlighted the growing role of whitehat hackers within decentralised finance as protocols increasingly rely on ethical hackers and coordinated disclosure frameworks to identify vulnerabilities before malicious actors exploit them.

At the time of reporting, Bitcoin price was $80,841.58.