On September 3, the decentralized finance (DeFi) protocol Penpie, built on Pendle, was hacked, resulting in the loss of $27 million in various cryptocurrencies.
The Exploit
The hack was first brought to light by an X account, Chaofan Shou, which reported that $17 million had been drained from Penpie, indicating that the protocol was unaware of the breach even after it had begun. This delay in response led to an additional $10 million in losses.
Response from Penpie and Pendle
Penpie confirmed the security breach in an X post approximately an hour after the hack began. The protocol immediately paused all deposits and withdrawals to prevent further losses. "Auto-detected quote"
Penpie's Appeal to the Hacker
Penpie reached out to the hacker with an offer to negotiate a bounty for the safe return of the stolen funds and guaranteed that no legal action would be taken if the funds were returned. They also offered the hacker the opportunity to join their security team.
As of the latest updates, Penpie’s stolen funds have been partially transferred to Tornado Cash, making recovery efforts more challenging. Penpie is actively working on ensuring the security of the platform and safe withdrawals for its users.
Comments