Penpie DeFi Protocol Exploited, Loses $27M in Hack

The decentralized finance (DeFi) protocol Penpie, built on the Pendle yield platform, was exploited on Wednesday, resulting in a loss of about $27 million in crypto assets

A DeFi protocol built on the Pendle yield platform, Penpie, was exploited on Wednesday, leading to a loss of about $27 million in crypto assets, blockchain data showed.

The attacker stole various tokens, including staked Ethereum (ETH), Ethena’s sUSDE, and wrapped USDC. The funds were later converted to ETH using the Li.Fi protocol and moved to a new address.

Blockchain security firm Cyvers reported the incident, detecting suspicious activity involving Penpie’s contract. Based on the report, the address funded by a crypto mixing service has executed a malicious transaction and got around $27 million worth of digital assets.

According to Etherscan data, the exploiter’s address initially received 10 ETH, valued at approximately $25,000, via Tornado Cash just hours before the exploit. This transaction helped conceal the attacker's identity.

In a statement, Pendle confirmed a breach in Penpie’s system but reassured its users that their funds on Pendle remained safe. However, the company stated that it had paused all contracts as a safety measure and was working closely with the Penpie team to assess the damage.

“Pendle has confirmed that its funds are secure after an investigation. However, a security issue has been found in Penpiexyz, a separate protocol built on Pendle. To address this, all contracts have been paused temporarily, and Pendle is working closely with the Penpie team to resolve the issue quickly!” Cyvers added shortly.

The attack caused Penpie’s native token (PNP) to drop by 40%, BeInCrypto data showed. Pendle’s token (PENDLE) also experienced an 8% loss, exceeding the losses observed in the broader crypto market.

The Penpie exploit is part of a broader trend of increasing crypto hacks in 2024. A recent report by Immunefi stated that hackers have stolen over $1.2 billion across 154 incidents this year, highlighting the widespread vulnerabilities within DeFi protocols and other crypto platforms.

In August 2024 alone, crypto hacks resulted in over $313 million in losses, according to security firm PeckShield. The two largest incidents that month involved the theft of $238 million in Bitcoin and $55 million in DAI.

Phishing attacks have also seen a surge, with a report from Scam Sniffer showing a 215% increase in financial losses in August. While fewer attacks occurred compared to July, the amount of stolen funds increased significantly, with one phishing scheme netting $55 million.