On May 10, 2026, decentralized dark pool DEX Renegade suffered an exploit on a legacy V1 deployment on Arbitrum, resulting in a loss of approximately $209,000. Within hours, a whitehat hacker returned around $190,000 of the drained funds. The protocol confirmed that the vulnerability was isolated to this particular deployment and that all affected users would be made whole. The rapid return suggests the attacker intended to expose the flaw rather than steal, though it remains unclear if any prior coordination occurred with the Renegade team. Renegade had raised $3.4 million in a 2023 seed round led by Dragonfly Capital and, prior to the exploit, held over $338,000 in total value locked (TVL) across Base and Arbitrum, according to DefiLlama. Post-exploit, its TVL dropped sharply to around $129,500.
The next day, on May 11, Ink Finance became the target of a separate exploit. Blockchain security firm Blockaid flagged that an attacker drained approximately $140,000 from the protocol’s Workspace Treasury Proxy contract on Polygon. The method involved deploying a contract with an address that matched a whitelisted claimer entry in Ink Finance’s Workspace controller, then calling the claim function to bypass eligibility checks and trigger an authorized transfer. Ink Finance has not yet issued a public statement or acknowledged the breach.
These two incidents add to a worrying streak of DeFi attacks. April 2026 was recorded as the worst month for smart contract losses, fueled partially by the growing use of AI-assisted exploit techniques. Research from a16z Crypto showed that an off-the-shelf AI coding agent could independently identify and exploit smart contract vulnerabilities 10% of the time, with success rates rising to 70% when given structured knowledge of common attack patterns. GoPlus Security reported four separate Ethereum mainnet exploits within a 48-hour window ending April 29, with combined losses exceeding $1.5 million.
In late April, Syndicate Labs also suffered a private key compromise that enabled malicious upgrades to bridge contracts on two chains, leading to the loss of 18.5 million SYND tokens and $50,000 in other tokens. Syndicate later reimbursed affected SYND holders on Commons Chain in full, plus an additional 15%, sending the funds to Base wallets with gas fees covered.
As the DeFi sector grapples with a rising tide of sophisticated attacks, both Renegade and Ink Finance face critical tests in transparency and remediation. Users are advised to monitor official channels for post-mortem reports and any necessary smart contract upgrades.
