On Wednesday, the Penpie protocol operating on Pendle's platform experienced a severe security breach, leading to the loss of $27 million in digital assets.
Sequence of Events
Cyvers, a blockchain security firm, reported the hack after detecting unusual behavior associated with Penpie's contracts. The hacker infiltrated Penpie's system by exploiting a crypto mixing service, carrying out a malicious transaction that enabled them to steal many tokens, such as staked Ethereum (ETH), sUSDE, and wrapped USDC. The assets were then converted into Ethereum through the Li.Fi protocol and transferred to a different wallet address. The exploit began with a deposit of 10 ETH via Tornado Cash, a transaction anonymization service.
Pendle's Response
Pendle acknowledged the intrusion but assured users that the financial resources of Pendle remained unharmed. As a precautionary step to safeguard system security, Pendle temporarily suspended all contracts.
Situation Analysis
The Penpie hack is indicative of a broader pattern of escalating cyber assaults on cryptocurrency systems, particularly in 2024. Immunefi's analysis reveals that a staggering $1.2 billion has been illicitly obtained across 154 separate incidents this year. This alarming figure underscores the extensive vulnerabilities present within the DeFi sector. During August 2024, about $313 million was lost to numerous hacking incidents. The largest thefts involved $238 million worth of Bitcoin and $55 million worth of DAI.
The Penpie hack serves as a reminder of the need to strengthen security measures in the DeFi space. Continuous improvements in protection and vigilance can reduce risks and increase user trust.