Penpie protocol loses US$27 million in major crypto hack: what you need to know
The Penpie Protocol has been targeted by a significant attack, leading to the theft of various tokens, including staked Ethereum (ETH), Ethena’s sUSDE, and wrapped USDC. These stolen assets were later converted into ETH using the Li.Fi protocol and transferred to a new address.
Blockchain security firm Cyvers uncovered the incident, noting suspicious activities related to Penpie’s contract. According to their report, the malicious transaction was executed by an address funded through a crypto mixing service, resulting in the theft of approximately US$27 million in digital assets.
Etherscan data indicates that the attacker’s address initially received a deposit of 10 ETH, worth around US$25,000, via Tornado Cash just hours before the hack occurred. This transaction was crucial in masking the identity of the attacker.
Pendle has confirmed a breach in Penpie’s system but has assured users that their funds on Pendle are secure. As a precaution, Pendle has temporarily paused all contracts while working with the Penpie team to assess and address the damage.
“Pendle has confirmed that its funds are secure after an investigation. However, a security issue has been found in Penpiexyz, a separate protocol built on Pendle. To address this, all contracts have been paused temporarily, and Pendle is working closely with the Penpie team to resolve the issue quickly!” Cyvers added shortly.
The attack led to a sharp decline in Penpie’s native token (PNP), which fell by 40%, according to BeInCrypto data. Pendle’s token (PENDLE) also experienced an 8% drop, which exceeded the broader crypto market’s losses.
This incident is part of a troubling trend of increasing crypto hacks in 2024. A recent Immunefi report reveals that hackers have stolen over US$1.2 billion across 154 incidents this year, highlighting severe vulnerabilities within DeFi protocols and other crypto platforms.
In August 2024 alone, crypto hacks resulted in over US$313 million in losses, as reported by security firm PeckShield. The largest incidents of that month involved the theft of US$238 million in Bitcoin and US$55 million in DAI.
Phishing incidents are also experiencing an increase. In August, Scam Sniffer recorded a 215% higher loss in the financial sector. However, the number of losing targets has reduced if compared to July, when the amount of funds stolen registered a sharp rise, with a single phishing scheme alone netting US$55 million.