价值 2700 万美元的 Penpie 黑客事件：发生了什么？

在去中心化金融领域，安全漏洞已成为一个不幸的现实，最近针对基于 Pendle 的协议 Penpie 收益优化器的攻击再次凸显了 DeFi 平台安全的重要性。

A yield optimizer protocol based on Pendle, Penpie, was hacked on Tuesday, leading to the theft of approximately $27.3 million in assets, according to blockchain security firm PeckShield. However, Pendle announced on Wednesday that it managed to save around $105 million from being drained during the attack.

据区块链安全公司 PeckShield 称，基于 Pendle 的收益优化器协议 Penpie 于周二遭到黑客攻击，导致约 2730 万美元的资产被盗。然而，Pendle 周三宣布，它成功避免了约 1.05 亿美元在攻击期间被耗尽。

The Penpie hack was a significant event in the decentralized finance (DeFi) platform security space. According to a post-mortem published by Pendle, the hack involved an “evil market” contract that inflated staking balances on Penpie, allowing the attacker to claim rewards that weren’t rightfully theirs. PeckShield attributed the attack to this malicious contract, which was deployed to exploit a vulnerability in Penpie’s code.

Penpie 黑客事件是去中心化金融 (DeFi) 平台安全领域的重大事件。根据 Pendle 发布的事后分析，这次黑客攻击涉及一份“邪恶市场”合约，该合约夸大了 Penpie 上的质押余额，使攻击者能够索取不属于他们的奖励。 PeckShield 将这次攻击归因于这个恶意合约，该合约的部署是为了利用 Penpie 代码中的漏洞。

The attacker managed to steal $27.3 million worth of assets, which were subsequently converted into 11,109 ETH. While Pendle’s in-house monitoring system detected the suspicious activity, the platform was unable to prevent the initial breach. Despite this, Pendle quickly moved to contain the damage and protect the rest of its funds.

攻击者成功窃取了价值 2730 万美元的资产，这些资产随后被兑换成 11,109 ETH。虽然 Pendle 的内部监控系统检测到了可疑活动，但该平台无法阻止最初的违规行为。尽管如此，彭德尔还是迅速采取行动控制损失并保护其剩余资金。

Pendle’s swift action in response to the hack highlights the importance of DeFi platform security protocols. Thanks to a coordinated effort involving multiple parties, Pendle was able to mitigate further breaches, preventing the loss of an additional $105 million, according to the protocol’s statement. This quick response allowed Pendle to resume normal operations after temporarily pausing its contracts to assess the situation.

Pendle 对黑客攻击的迅速反应凸显了 DeFi 平台安全协议的重要性。根据该协议的声明，由于多方的协调努力，Pendle 能够减少进一步的违规行为，避免额外损失 1.05 亿美元。这种快速反应使 Pendle 在暂时暂停合同以评估情况后恢复了正常运营。

The project reassured its users that funds on the main platform were unaffected and remain safe. By resuming operations swiftly and transparently, Pendle aimed to maintain user trust during a time of heightened uncertainty. The project’s ability to safeguard a significant amount of capital demonstrates the importance of continuous monitoring and proactive measures in the DeFi sector.

该项目向用户保证，主平台上的资金不受影响并且保持安全。通过迅速、透明地恢复运营，Pendle 旨在在不确定性加剧的时期维持用户的信任。该项目能够保护大量资金，这表明了 DeFi 领域持续监控和主动措施的重要性。

The hack had an immediate impact on the prices of the tokens involved. Penpie’s PNP token experienced a sharp decline, losing more than 33% of its value following the breach. Meanwhile, Pendle’s native token saw a drop of approximately 9% over a 24-hour period. This downturn reflects the market’s sensitivity to security incidents, even when a platform demonstrates strong DeFi platform security measures to contain the damage.

此次黑客攻击对相关代币的价格产生了直接影响。 Penpie 的 PNP 代币经历了急剧下跌，在泄露后损失了超过 33% 的价值。与此同时，Pendle 的原生代币在 24 小时内下跌了约 9%。这种低迷反映了市场对安全事件的敏感性，即使平台展示了强大的 DeFi 平台安全措施来控制损害。

These price fluctuations underscore the volatility that often accompanies security breaches in the DeFi space. When confidence in the platform’s security is shaken, token holders may quickly sell off assets, exacerbating the price drop.

这些价格波动凸显了 DeFi 领域经常伴随安全漏洞而来的波动。当对平台安全性的信心动摇时，代币持有者可能会迅速抛售资产，从而加剧价格下跌。

In a surprising move, Penpie later announced that it was willing to negotiate with the hacker. The protocol offered not to pursue legal action or reveal the attacker’s identity, provided that a portion of the stolen funds was returned as part of a bounty reward. This type of arrangement is not uncommon in the DeFi world, where hackers are sometimes incentivized to cooperate after an attack in exchange for a reward or reduced consequences.

令人惊讶的是，Penpie 随后宣布愿意与黑客进行谈判。该协议提出，只要将部分被盗资金作为赏金奖励的一部分返还，就不会采取法律行动或泄露攻击者的身份。这种类型的安排在 DeFi 世界中并不罕见，黑客有时会在攻击后受到激励进行合作，以换取奖励或减少后果。

While Penpie’s decision may raise eyebrows, it is often seen as a practical solution to recovering at least some of the stolen assets, as legal recourse in decentralized finance can be challenging. However, it also highlights the complexity of DeFi platform security and the balancing act between recovering lost funds and maintaining the integrity of the protocol.

尽管 Penpie 的决定可能会引起人们的注意，但它通常被视为至少追回部分被盗资产的实用解决方案，因为去中心化金融中的法律追索权可能具有挑战性。然而，它也凸显了 DeFi 平台安全的复杂性以及追回损失资金和维护协议完整性之间的平衡行为。

The Penpie hack is yet another reminder of the challenges facing the DeFi platform security landscape. As decentralized protocols like Pendle offer innovative financial services without intermediaries, they are also vulnerable to sophisticated attacks. The use of malicious contracts, as seen in this case, can exploit even the most well-established platforms.

Penpie 黑客事件再次提醒我们 DeFi 平台安全格局面临的挑战。由于像 Pendle 这样的去中心化协议提供无需中介的创新金融服务，因此它们也容易受到复杂的攻击。正如本例所示，使用恶意合约甚至可以利用最完善的平台。

For DeFi platforms, the ability to respond quickly to security incidents is critical. Pendle’s success in mitigating further losses and safeguarding $105 million is a testament to the effectiveness of proactive security measures. However, it also highlights the need for continuous improvement in security protocols to stay ahead of increasingly sophisticated attackers.

对于 DeFi 平台来说，快速响应安全事件的能力至关重要。 Pendle 成功减少了进一步损失并保护了 1.05 亿美元，这证明了主动安全措施的有效性。然而，它也强调需要不断改进安全协议，以领先于日益复杂的攻击者。

As decentralized finance continues to grow, DeFi platform security must remain a top priority. The Penpie hack serves as both a cautionary tale and a testament to the importance of robust security measures. While Pendle managed to prevent further losses, the incident underscores the need for continuous monitoring, transparent communication, and, when necessary, collaboration with hackers to recover stolen funds.

随着去中心化金融的不断发展，DeFi 平台的安全仍然是重中之重。 Penpie 黑客事件既是一个警示，也证明了强有力的安全措施的重要性。尽管 Pendle 设法防止了进一步的损失，但该事件强调了持续监控、透明沟通以及在必要时与黑客合作以追回被盗资金的必要性。

DeFi users should remain vigilant, carefully evaluating the security of platforms before investing. As the sector evolves, the lessons learned from incidents like the Penpie hack will be essential for building a more secure decentralized financial ecosystem.

DeFi 用户应保持警惕，在投资前仔细评估平台的安全性。随着该行业的发展，从 Penpie 黑客事件中吸取的经验教训对于构建更安全的去中心化金融生态系统至关重要。