價值 2700 萬美元的 Penpie 駭客事件：發生了什麼事？

在去中心化金融領域，安全漏洞已成為一個不幸的現實，最近針對基於 Pendle 的協議 Penpie 收益優化器的攻擊再次凸顯了 DeFi 平台安全的重要性。

A yield optimizer protocol based on Pendle, Penpie, was hacked on Tuesday, leading to the theft of approximately $27.3 million in assets, according to blockchain security firm PeckShield. However, Pendle announced on Wednesday that it managed to save around $105 million from being drained during the attack.

據區塊鏈安全公司 PeckShield 稱，基於 Pendle 的收益優化器協議 Penpie 於週二遭到駭客攻擊，導致約 2,730 萬美元的資產被盜。然而，Pendle 週三宣布，它成功避免了約 1.05 億美元在攻擊期間被耗盡。

The Penpie hack was a significant event in the decentralized finance (DeFi) platform security space. According to a post-mortem published by Pendle, the hack involved an “evil market” contract that inflated staking balances on Penpie, allowing the attacker to claim rewards that weren’t rightfully theirs. PeckShield attributed the attack to this malicious contract, which was deployed to exploit a vulnerability in Penpie’s code.

Penpie 駭客事件是去中心化金融 (DeFi) 平台安全領域的重大事件。根據 Pendle 發布的事後分析，這次駭客攻擊涉及一份「邪惡市場」合約，該合約誇大了 Penpie 上的質押餘額，使攻擊者能夠要求不屬於他們的獎勵。 PeckShield 將這次攻擊歸因於這個惡意合約，該合約的部署是為了利用 Penpie 程式碼中的漏洞。

The attacker managed to steal $27.3 million worth of assets, which were subsequently converted into 11,109 ETH. While Pendle’s in-house monitoring system detected the suspicious activity, the platform was unable to prevent the initial breach. Despite this, Pendle quickly moved to contain the damage and protect the rest of its funds.

攻擊者成功竊取了價值 2730 萬美元的資產，這些資產隨後被兌換成 11,109 ETH。雖然 Pendle 的內部監控系統偵測到了可疑活動，但該平台無法阻止最初的違規行為。儘管如此，彭德爾還是迅速採取行動控制損失並保護其剩餘資金。

Pendle’s swift action in response to the hack highlights the importance of DeFi platform security protocols. Thanks to a coordinated effort involving multiple parties, Pendle was able to mitigate further breaches, preventing the loss of an additional $105 million, according to the protocol’s statement. This quick response allowed Pendle to resume normal operations after temporarily pausing its contracts to assess the situation.

Pendle 對駭客攻擊的迅速反應凸顯了 DeFi 平台安全協定的重要性。根據該協議的聲明，由於多方的協調努力，Pendle 能夠減少進一步的違規行為，避免額外損失 1.05 億美元。這種快速反應使 Pendle 在暫時暫停合約以評估情況後恢復了正常運作。

The project reassured its users that funds on the main platform were unaffected and remain safe. By resuming operations swiftly and transparently, Pendle aimed to maintain user trust during a time of heightened uncertainty. The project’s ability to safeguard a significant amount of capital demonstrates the importance of continuous monitoring and proactive measures in the DeFi sector.

該項目向用戶保證，主平台上的資金不受影響並且保持安全。透過迅速、透明地恢復運營，Pendle 旨在在不確定性加劇的時期維持用戶的信任。該專案能夠保護大量資金，這表明了 DeFi 領域持續監控和主動措施的重要性。

The hack had an immediate impact on the prices of the tokens involved. Penpie’s PNP token experienced a sharp decline, losing more than 33% of its value following the breach. Meanwhile, Pendle’s native token saw a drop of approximately 9% over a 24-hour period. This downturn reflects the market’s sensitivity to security incidents, even when a platform demonstrates strong DeFi platform security measures to contain the damage.

這次駭客攻擊對相關代幣的價格產生了直接影響。 Penpie 的 PNP 代幣經歷了急劇下跌，在洩漏後損失了超過 33% 的價值。與此同時，Pendle 的原生代幣在 24 小時內下跌了約 9%。這種低迷反映了市場對安全事件的敏感性，即使平台展示了強大的 DeFi 平台安全措施來控制損害。

These price fluctuations underscore the volatility that often accompanies security breaches in the DeFi space. When confidence in the platform’s security is shaken, token holders may quickly sell off assets, exacerbating the price drop.

這些價格波動凸顯了 DeFi 領域常伴隨安全漏洞而來的波動。當對平台安全性的信心動搖時，代幣持有者可能會迅速拋售資產，從而加劇價格下跌。

In a surprising move, Penpie later announced that it was willing to negotiate with the hacker. The protocol offered not to pursue legal action or reveal the attacker’s identity, provided that a portion of the stolen funds was returned as part of a bounty reward. This type of arrangement is not uncommon in the DeFi world, where hackers are sometimes incentivized to cooperate after an attack in exchange for a reward or reduced consequences.

令人驚訝的是，Penpie 隨後宣布願意與駭客進行談判。協議提出，只要將部分被盜資金作為賞金獎勵的一部分返還，就不會採取法律行動或洩露攻擊者的身分。這種類型的安排在 DeFi 世界中並不罕見，駭客有時會在攻擊後受到激勵進行合作，以換取獎勵或減少後果。

While Penpie’s decision may raise eyebrows, it is often seen as a practical solution to recovering at least some of the stolen assets, as legal recourse in decentralized finance can be challenging. However, it also highlights the complexity of DeFi platform security and the balancing act between recovering lost funds and maintaining the integrity of the protocol.

儘管 Penpie 的決定可能會引起人們的注意，但它通常被視為至少追回部分被盜資產的實用解決方案，因為去中心化金融中的法律追索權可能具有挑戰性。然而，它也凸顯了 DeFi 平台安全的複雜性以及追回損失資金和維護協議完整性之間的平衡行為。

The Penpie hack is yet another reminder of the challenges facing the DeFi platform security landscape. As decentralized protocols like Pendle offer innovative financial services without intermediaries, they are also vulnerable to sophisticated attacks. The use of malicious contracts, as seen in this case, can exploit even the most well-established platforms.

Penpie 駭客事件再次提醒我們 DeFi 平台安全格局面臨的挑戰。由於像 Pendle 這樣的去中心化協議提供無需中介的創新金融服務，因此它們也容易受到複雜的攻擊。如本例所示，使用惡意合約甚至可以利用最完善的平台。

For DeFi platforms, the ability to respond quickly to security incidents is critical. Pendle’s success in mitigating further losses and safeguarding $105 million is a testament to the effectiveness of proactive security measures. However, it also highlights the need for continuous improvement in security protocols to stay ahead of increasingly sophisticated attackers.

對於 DeFi 平台來說，快速回應安全事件的能力至關重要。 Pendle 成功減少了進一步損失並保護了 1.05 億美元，這證明了主動安全措施的有效性。然而，它也強調需要不斷改進安全協議，以領先日益複雜的攻擊者。

As decentralized finance continues to grow, DeFi platform security must remain a top priority. The Penpie hack serves as both a cautionary tale and a testament to the importance of robust security measures. While Pendle managed to prevent further losses, the incident underscores the need for continuous monitoring, transparent communication, and, when necessary, collaboration with hackers to recover stolen funds.

隨著去中心化金融的不斷發展，DeFi 平台的安全仍然是重中之重。 Penpie 駭客事件既是警示，也證明了強而有力的安全措施的重要性。儘管 Pendle 設法防止了進一步的損失，但該事件強調了持續監控、透明溝通以及在必要時與駭客合作以追回被盜資金的必要性。

DeFi users should remain vigilant, carefully evaluating the security of platforms before investing. As the sector evolves, the lessons learned from incidents like the Penpie hack will be essential for building a more secure decentralized financial ecosystem.

DeFi 使用者應保持警惕，在投資前仔細評估平台的安全性。隨著該行業的發展，從 Penpie 駭客事件中學到的經驗教訓對於建立更安全的去中心化金融生態系統至關重要。