Renegade Recovers Over 90% Of Funds After Arbitrum Dark Pool Exploit

Renegade Recovers Most Stolen Funds

Renegade has recovered more than 90% of funds drained from its V1 Arbitrum dark pool after an onchain negotiation ended with the attacker returning roughly $190,000 and keeping a whitehat bounty.

The exploit originally drained about $209,000 across 27 ERC-20 tokens from Renegade’s older Arbitrum deployment. Blockaid said the incident involved an unprotected initializer on the Dark Pool proxy that allowed the attacker to inject logic and execute it through the contract, exposing a dangerous access-control failure in the V1 deployment.

Renegade then sent an onchain message asking the hacker to return 90% of the affected assets to 0xE4A7cc3049665F686F89d00472f931f6a145CFBE and keep the remaining 10% as a whitehat bounty to avoid potential legal action. The hacker later said they had transferred all affected tokens to the address specified by Renegade while retaining only 20,000 USDC as the bounty, “less than 10%.”

In the signed onchain response, the hacker thanked Renegade for its cooperation and acknowledged that the action was not ethical, while claiming it was done to protect user funds from a vulnerability they called “toooo simple and bad.” The message also warned that, in the current DeFi cybersecurity environment, a state-backed attacker “would never come to negotiate.”

The funds were still taken without permission, so the whitehat label does not erase the seriousness of the exploit. The recovery does change the outcome for users. Instead of a full loss from a live DeFi contract failure, Renegade now has most of the affected assets back and a clearer path toward reimbursement.

Faulty V1 Deployment Becomes The Focus

Renegade is a decentralized dark pool designed for private onchain trading, where users can execute size without broadcasting trade intentions to the wider market. The protocol describes itself as an onchain dark pool and decentralized crossing network, with trades pegged to the real-time midpoint of the Binance bid-ask spread.

The affected deployment was tied to Renegade’s V1 Arbitrum system, not the full Renegade stack. Renegade later said the issue came from deployment code that failed to assign an explicit owner to the contract, combined with a faulty migration introduced in an April 2025 software update. That mistake left the smart contract connected to the V1 Arbitrum dark pool open to being rewritten by anyone.

Renegade said it would fully compensate affected users and publish a full root-cause postmortem. The team also said the affected V1 Arbitrum dark pool represented a small share of total protocol activity, while other deployments, including V1 Base, V2 Arbitrum, and V2 Base, were not affected.

The incident lands during a busy period for DeFi security. Recent exploit stories have already forced markets to separate confirmed losses from recovery negotiations, including cases where attackers returned funds after bounty offers and cases where stolen assets moved quickly across chains. A recent Solv Protocol vault incident followed a similar response pattern, with a defined exploit scope, external security alerts, and a whitehat bounty offer used to limit user losses.

Renegade now has most of the affected assets back and has said users will be fully compensated. The remaining focus is the promised postmortem, the reimbursement process, and the fixes applied to the V1 Arbitrum deployment after the ownership and migration failure that allowed the exploit.

The post Renegade Recovers Over 90% Of Funds After Arbitrum Dark Pool Exploit appeared first on Crypto Adventure.