$105 Million Crypto Save: DeFi Protocol Pendle Prevents Further Losses From Penpie’s Exploit

Share This Post

Decentralized Finance (DeFi) Protocol Penpie recently fell victim to an exploit that took millions of dollars worth of several crypto assets. Pendle, the protocol Penpie is based on, addressed the incident in a post-mortem post, revealing to have prevented further losses worth over $100 million in users’ funds.

Crypto Hacker Drains Millions From DeFi Protocol

On Tuesday, DeFi project Penpie, a Pendle-based independent yield optimizer, saw over $20 million in funds drained from the protocol. Per the reports, the malicious actor exploited a vulnerability in its reward distribution mechanism and stole several crypto assets, including Ethena Staked USDe (sUSDe), wrapped USDC, and staked Ether (ETH).

According to security firm PeckShield, the exploiter used an “evil market” contract that inflated the staking balance to claim unwarranted rewards. Pendle confirmed the vulnerability was linked to a Penpie-only feature that allowed “permissionless listing of Pendle markets on Penpie.”

Crypto

The crypto heist took $7.87 million in wstETH, $2.51 million in sUSDe, $3.4 million agETH, $2.22 million in rswETH, and four other Pendle-related Yield tokens. Following the exploit, the hacker swapped the crypto assets for 11,113 ETH using the Li.fi protocol.

The stolen funds, worth $27.3 million, were later transferred to crypto mixer Tornado Cash. Per the report, the exploiter sent over 3,000 ETH, around $7.2 million, to the mixer by Wednesday morning.

The Penpie Team sent a message to the attacker, asking them to “amicably” resolve the incident. The protocol recognized the project’s vulnerability and the exploit’s role in bringing it forward, proposing a white hat bounty for the safe return of the funds.

Additionally, they offered the attacker an opportunity to “transition into a white-hat role, where your skills will be acknowledged and rewarded.” The team assured that the hacker’s identity would remain confidential and they would not pursue any legal action against them.

As of this writing, there are no reports of a resolution between the exploiter and the protocol’s team.

Post-Mortem: Quick Response Prevents Further Losses

On Wednesday morning, Pendle’s team shared a post-mortem detailing the incident. In the X post, the DeFi protocol explained that the project’s effective response prevented further losses from Penpie’s funds.

Pendle stated that its “real-time in-house monitoring system” immediately detected suspicious activity as the contract was funded with 10 ETH from Tornado Cash hours before the heist.

Crypto

By the time of the first attack, the parties involved were aware of the red flag and quickly mobilized to protect the project’s ecosystem from subsequent attacks. Twenty minutes after the exploit, the team paused all contracts on Pendle, which seemingly helped prevent more losses and safeguard $105 million in crypto assets from Penpie.

The DeFi protocol also contacted other Pendle-based projects, like Equilibria and StakeDAO, to check if they were under attack and assess the situation. After investigating, the team determined that the Pencosystem was safe and the attack was unique to Penpie before resuming operations:

A security breach targeting Penpie led to some loss of funds. In response, Pendle promptly paused our contracts, effectively safeguarding ~$105M that could have been further drained from Penpie. Thanks to coordinated efforts from multiple parties, further breaches were mitigated, and Pendle contracts have now been unpaused. Normal operations have resumed.

Ultimately, Pendle’s team assured users their funds were never at risk, and they remain unaffected by the exploit.

crypto

Read Entire Article
spot_img
- Advertisement -spot_img

Related Posts

Harris campaign criticized for ignoring crypto in policy statement

Vice President Kamala Harris‘s campaign released a policy statement outlining her administration’s key priorities However, there is a notable omission—crypto Harris’s campaign

Liminal Says Grant Thornton Confirms Its Security Amid Wazirx Breach Concerns

Grant Thornton’s review of Liminal’s infrastructure revealed no signs of any security breach within its frontend or backend systems, according to Liminal Following a breach at Wazirx that

Montenegro’s PM Caught In Scandal Over Terra Founder Do Kwon Deal And Meetings

In a recent interview, President Jakov Milatović of Montenegro accused Prime Minister Milojko Spajić of lying about his knowledge of Do Kwon, the controversial co-founder of Terraform Labs, during

Top 3 Meme Coins To Buy Now With Potential To Turn $2000 to $25,000 – PEPE, Mpeppe (MPEPE), BRETT

The meme coin frenzy has captured the imagination of investors, with coins like Pepecoin (PEPE), Mpeppe (MPEPE), and Brett (BRETT) showing strong potential for incredible returns These tokens, driven

Why Has This New Casino Cryptocurrency Coin Became Bigger Than Brett (BRETT) and PEPE?

The meme coin market has seen many entrants, with each trying to capture the excitement and attention of crypto investors Among these, Mpeppe (MPEPE) has rapidly risen to prominence, surpassing meme

Starket: STRK Price Prediction 2024, 2025 & 2026. Starknet & Mpeppe Shake Up Bearish Market With Recent Gains

In the world of cryptocurrency, some altcoins continue to hold their ground despite broader market downturns Starknet (STRK) is one such token that has shown resilience amid a bearish market,