Skip to main content
Sign in

Bent Finance

avoid.net/bent-finance28/100·82% conf.
[AI-DRAFTED · AWAITING VERIFICATION][src:defillama]
anchored·4ZfrNy…TGNc

Summary

Bent Finance is an Ethereum-based DeFi yield aggregator built on top of Curve Finance and Convex Finance, offering staking and liquidity pool boosting for the BENT token. In December 2021, the protocol suffered an insider exploit in which a rogue developer with access to the contract deployer private key inserted a backdoor into the cvxCRV and MIM pool contracts, resulting in the theft of approximately 440 ETH (~$1.75M). Stolen funds were ultimately returned by the attacker and reimbursed to users by late December 2021, but the incident caused a 73% BENT token price collapse and left the protocol with negligible TVL.

Connected Entities

1 entities
Protocols
Bent Finance
Relationships
    Have evidence about Bent Finance?

    Timeline(7 events)

    2021-11-30

    Rogue developer silently updates Bent Finance cvxCRV pool contract to hardcode a malicious token balance for attacker address 0xd23cfffa066f81c7640e3f0dc8bb2958f7686d1f. A subsequent clean update is deployed to conceal the modification.

    2021-12-09

    Attacker's primary wallet receives two deposits from Tornado Cash, pre-funding the operation.

    2021-12-12

    Attacker begins executing withdrawals. First batch: 263,000 cvxCRV-f extracted from Bent Finance pools, converted to ETH, and sent to Tornado Cash.

    2021-12-19

    BENT token reaches all-time high of $15.90 per token.

    2021-12-20

    Exploit discovered at approximately 8:55 PM EST. Bent Finance disables reward claims and alerts users. Second batch of approximately 240 ETH laundered via Tornado Cash. Total: ~440 ETH (~$1.75M) laundered.

    2021-12-21

    PeckShield publicly confirms exploit originated from Bent Finance's own deployer address. Protocol issues official confirmation and advises all pool investors to withdraw funds. BENT token drops 73-74%. Team employs two independent white hat developers.

    2021-12-24

    Hacker agrees to return stolen funds to team multisig at 0xaBb8B277F49de499b902A1E09A2aCA727595b544. Full reimbursement of 512,696 cvxcrv-f tokens completed. Community contributed ~200,000 additional cvxCRV to cover deficit.

    Provenance & Audit Trail
    Anchored on SolanaVerify on-chainsrc:defillama

    Decision Log

    This investigation is cryptographically anchored to the Solana blockchain and source URLs are archived via the Internet Archive.

    full audit log →version history →

    model: claude-sonnet-4-6

    generated: 5/4/2026, 2:54:52 AM

    last updated: 5/28/2026, 5:44:15 PM

    avoid.net — verified advice for a post-truth world