On September 3, the decentralized finance (DeFi) protocol Penpie, built on Pendle, was hacked, resulting in the loss of $27 million in various cryptocurrencies.
The Exploit and Its Consequences
The stolen funds included Ether (ETH) and stablecoins like wrapped USDC and sUSDE, according to EmberCN. The hacker reportedly exploited a vulnerability in Penpie's security, converting most of the stolen assets into ETH and then transferring them to a new Ethereum address, making it difficult to trace. The hack was first brought to light by an X account, Chaofan Shou, affiliated with Fuzzland. The account reported that $17 million had been drained from Penpie, indicating that the protocol was unaware of the breach even after it had begun. This delay in response led to an additional $10 million in losses.
Response from Penpie and Pendle
Penpie confirmed the security breach in an X post approximately an hour after the hack began. The protocol immediately paused all deposits and withdrawals to prevent further losses. Pendle, the platform on which Penpie is built, also took action. They paused all contracts on Pendle as a precautionary measure, safeguarding approximately $105 million that could have been at risk. Pendle confirmed that their funds were secure and that the breach was specific to Penpie, not affecting the Pendle protocol itself.
Penpie's Appeal to the Hacker
Penpie reached out to the hacker with an offer to negotiate a bounty for the safe return of the stolen funds. Penpie emphasized that they would not pursue legal action if the funds were returned. They also offered the hacker an opportunity to transition into a white-hat role, where their skills would be recognized and rewarded. The protocol stressed the importance of the stolen funds to their community and expressed a willingness to resolve the issue cooperatively.
As of the latest updates, Penpie’s stolen funds have been partially transferred to Tornado Cash, making recovery efforts more challenging. Penpie is actively working to ensure that users can securely withdraw their remaining funds.
Comments