Penpie, a decentralized finance (DeFi) protocol operating on Pendle’s platform, experienced a severe security breach on Wednesday, leading to a loss of $27 million in digital assets.
Cyvers, a blockchain security firm, reported the hack after detecting unusual behavior associated with Penpie’s contracts. The hacker infiltrated Penpie’s system by exploiting a crypto mixing service, carrying out a malevolent transaction that enabled them to pilfer many tokens, such as staked Ethereum (ETH), sUSDE, and wrapped USDC.
Subsequently, the assets were transformed into Ethereum through the utilization of the Li.Fi protocol and subsequently transferred to a different wallet address.
The exploit commenced by initiating a deposit of 10 ETH via Tornado Cash, a transaction anonymization service that enhances the difficulty for investigators to track the cash.
Pendle acknowledged the intrusion, although assured users that the financial resources of Pendle remained unharmed. Pendle implemented a temporary suspension of all contracts as a precautionary step to safeguard system security.
The Penpie hack is indicative of a broader pattern of escalating cyber assaults on cryptocurrency systems, particularly in the year 2024. Immunefi’s analysis reveals that a staggering $1.2 billion has been illicitly obtained through 154 separate occurrences this year.
This alarming figure underscores the extensive vulnerabilities present within the DeFi sector. During August 2024, a total of about $313 million was lost due to many hacking incidents. The largest thefts involved $238 million worth of Bitcoin and $55 million worth of DAI.