Things moved very quickly for Renegade over the weekend. The decentralized trading protocol was hit by an exploit that drained more than $200,000 worth of crypto assets from one of its dark pools on Arbitrum. 

But instead of disappearing with the funds, the hacker later returned most of the money after receiving an on-chain message from the protocol’s team. 

According to blockchain security platform Blockaid, the exploit was detected early Sunday after malicious code was injected into a vulnerable function connected to Renegade’s V1 Arbitrum dark pool. The attacker managed to steal 27 ERC-20 tokens, with the total losses initially estimated at around $209,000. 

Not long after the exploit became public, Renegade sent an on-chain message asking the attacker to return 90% of the funds and keep the remaining amount as a whitehat bounty. The protocol also warned that refusing the offer could expose the attacker to possible legal action. 

Arbitrum Freezes $71 Million in ETH Linked to KelpDAO Hack, Raising Decentralization Concerns
The move follows a major exploit and highlights growing tension between intervention and decentralization in crypto networks.
TechloyOluwajeminipe Fasheun-Motesho

Most of the Stolen Crypto Was Returned Within Hours 

The situation shifted again less than an hour later. Blockchain records from Arbiscan showed that about $190,000 was sent back to a Renegade-controlled wallet. The returned assets included roughly $84,000 in USD Coin, alongside wrapped Bitcoin and wrapped Ether. 

Later, the hacker responded publicly through an on-chain message, claiming the exploit was carried out to protect users rather than harm them. As the attacker put it, “I believe this was the best solution to protect users' funds and ensure their safety.” The individual also criticized Renegade’s security setup, describing the vulnerability as “tooooo simple and bad.” 

How the Renegade Vulnerability Happened 

Renegade later explained that the exploit appeared to come from two separate issues tied to its deployment process. 

According to the team, one part of the problem involved code that failed to assign a clear owner to the smart contract. Another issue reportedly came from a faulty migration connected to a software update released in April 2025. 

Together, those mistakes created an opening that allowed someone to rewrite the contract tied to the protocol’s V1 Arbitrum dark pool. 

Dark pools are designed to let traders carry out large crypto transactions privately without exposing activity to the wider market. That privacy can help reduce sudden price swings during large trades, but incidents like this also show how risky smart contract weaknesses can become. 

The incident has also reopened debate around whitehat hacking in crypto. Renegade has since said it plans to fully compensate affected users and publish a detailed post-mortem explaining exactly how the exploit happened. 

The protocol also stated that only a small portion of its overall trading activity was affected, with about 7% of volume reportedly flowing through the compromised V1 Arbitrum dark pool. 

The incident may have ended with most funds returned, but it still highlights how fragile parts of decentralized finance remain. Even a small coding mistake can quickly turn into a major security problem, especially in systems handling millions of dollars in digital assets every day. 

How the $290M KelpDAO Hack Turned into a Blame Battle Between LayerZero and Attackers
Investigators say a single-verifier setup allowed attackers to mint unbacked rsETH, with LayerZero arguing the vulnerability came from how the system was configured.
TechloyOluwajeminipe Fasheun-Motesho