Hackers Steal $349K From Ink Finance and Renegade

Attackers drained a combined $349,000 from decentralized finance protocols Ink Finance and Renegade in two separate exploits on May 10 and May 11. The incidents targeted a Polygon treasury proxy and a legacy Arbitrum V1 deployment.

Blockchain security firm Blockaid flagged the Ink Finance incident on May 11. According to Blockaid, the attacker deployed a contract at an address matching a whitelisted claimer entry in Ink’s Workspace controller, then called the claim function to pass an eligibility check and trigger an authorized transfer from the Workspace Treasury Proxy on Polygon. Ink Finance has not posted a public acknowledgment. The exploit removed about $140,000 from the protocol’s treasury proxy.

Renegade reported an exploit on May 10 that affected a legacy V1 deployment on Arbitrum and extracted roughly $209,000. The protocol confirmed a white hat returned about $190,000 and said the vulnerability was limited to the V1 Arbitrum deployment and did not affect other contracts. Renegade indicated all affected users will be reimbursed. On-chain tracker data show Renegade’s total value locked fell from more than $338,000 before the incident to about $129,500 after the exploit.

The two exploits followed a security incident at Syndicate Labs on April 30, when a private key compromise enabled malicious upgrades to bridge contracts on two chains. The breach led to the loss of about 18.5 million SYND tokens and roughly $50,000 in other tokens. Syndicate later reimbursed affected SYND holders on Commons Chain in full and added 15% to the reimbursed amounts, sending funds directly to wallets on Base and covering gas fees.

Research and security firms have reported increases in automated and AI-assisted attack techniques. A study from a crypto research team found an off-the-shelf AI coding agent that received only a contract address and basic developer tools could identify and exploit smart contract flaws about 10% of the time, and that success rose to roughly 70% when the agent was given structured information about common attack patterns. Security firm GoPlus flagged four separate Ethereum mainnet exploits within a 48-hour period ending April 29 with combined losses exceeding $1.5 million, and described the pace of attacks as a “countdown-by-the-second era.”

Security teams recommend audits, stronger key-management practices and prompt patching of older deployments and whitelisting logic to limit exposure to similar vulnerabilities.