Overview
- A self-described whitehat used an unprotected initializer in Renegade’s Arbitrum V1 dark pool proxy to take control and drain about $209,000.
- After Renegade offered a 10% on-chain bounty with a legal warning, the attacker returned more than 90% of the funds.
- Renegade asked users to revoke token approvals to implementation address 0xc038933d0b33359f5C87B4B2f92Ee0DAd11EaDc5 because the breach touched 27 tokens.
- Renegade traced the cause to missing contract ownership from an April 2025 migration and said it will compensate affected users, noting that only 7% of trading used the pool.
- The episode fits a recent string of DeFi failures tied to proxy, resolver, and admin-key controls, which has put protocol design under fresh scrutiny.