Penpie DeFi Protocol Hack: $27 Million Lost!
The $27 million Penpie hack adds to the rising trend of crypto thefts in 2024, with total losses surpassing $1.21 billion.
On September 3, 2024, the Penpie decentralized finance (DeFi) protocol suffered a massive security breach, resulting in the theft of approximately $27 million worth of Ethereum. This incident marks another blow to the cryptocurrency industry, which has seen an alarming rise in thefts this year, with total losses across various attacks and exploits reaching $1.21 billion.
Penpie, built on the Pendle platform, confirmed that $27,348,259 in Ethereum was stolen in the attack. In response, the protocol suspended all deposits and withdrawals to prevent further damage. The team has since filed reports with both Singapore police and the FBI’s Internet Crime Complaint Center (IC3) in a bid to recover the funds. They also reached out to the hacker with a bounty offer, hoping for a negotiation that could lead to the safe return of the assets. Unfortunately, these efforts have so far been unsuccessful, as the hacker continues to transfer the stolen crypto across multiple blockchain addresses.
Adding to the complexity of the situation, the attacker received praise from another well-known crypto thief—the individual responsible for the $195 million Euler Finance exploit in 2023. In an on-chain message, the Euler hacker expressed admiration for the Penpie attack, saying, "Good job bro... I’m happy you kept all the money... You won, they lost."
Pendle, the platform underlying Penpie, reported that its internal security system detected the attack quickly but was unable to prevent the $27 million loss. However, the platform managed to block an additional $105 million from being stolen from other protocols on its system. According to Penpie, the vulnerability exploited in the hack was related to a feature introduced in May 2024, which inadvertently reintroduced a previously patched issue. The team admitted they should have conducted a full audit after launching the new feature and promised to do so before resuming operations.
This incident is part of a broader trend of increasing crypto thefts in 2024. A report from security firm Immunefi shows that the $1.21 billion stolen so far this year represents a 15.5% increase from 2023. Most of these thefts have occurred in the DeFi space, where decentralized protocols are often targeted by hackers due to their open-source nature and complex smart contracts.
August 2024 alone saw a 215% rise in phishing attacks, with over $63 million stolen. One major attack during the month resulted in a $55 million loss, contributing significantly to the overall increase in crypto-related crimes. Security firm PeckShield also reported that hacks in August caused monetary losses exceeding $313 million, further highlighting the growing vulnerability within the DeFi ecosystem.
Penpie’s hack serves as a stark reminder of the need for robust security measures in the rapidly evolving DeFi landscape. With hackers becoming more sophisticated, the crypto industry faces increasing pressure to improve auditing processes and ensure the safety of user funds.
photo source / Blockonome
Comments