Penpie DeFi Hack Leads to $27M Loss

The decentralized finance (DeFi) protocol Penpie, built on Pendle’s platform, suffered a significant exploit on Wednesday, resulting in a loss of $27 million in digital assets. This incident highlights the ongoing security issues facing the crypto sector, particularly within DeFi protocols.

$27 Million Stolen in Penpie Hack

Blockchain security firm Cyvers first reported the hack, detecting suspicious activity linked to Penpie’s contracts. According to Cyvers, the hacker gained access to Penpie’s system through a crypto mixing service, executing a malicious transaction that allowed them to steal various tokens, including staked Ethereum (ETH), sUSDE, and wrapped USDC. These stolen assets were later converted to Ethereum using the Li.Fi protocol and moved to a new wallet address.

The exploit began with a deposit of 10 ETH through Tornado Cash, a service that anonymizes transactions. This initial transaction helped the hacker conceal their identity, making it harder for investigators to trace the funds.

Penpie and Pendle’s Response

Pendle, the platform on which Penpie operates, confirmed the breach but reassured users that Pendle’s funds were unaffected. However, as a precautionary measure, Pendle temporarily paused all contracts to ensure the security of their system. Pendle is now working closely with the Penpie team to investigate the situation and resolve the security issue as quickly as possible.

Despite Pendle’s reassurance, the hack had immediate consequences for Penpie’s native token, PNP, which plummeted by 40% following the news. Pendle’s token (PENDLE) also took a hit, declining by 8% in value. This incident underscores the rising vulnerability of crypto platforms to malicious attacks.

Growing Wave of Crypto Hacks in 2024

The Penpie hack is part of a larger trend of increasing cyberattacks on crypto platforms, especially in 2024. According to a report from Immunefi, over $1.2 billion has been stolen through 154 incidents this year alone, exposing the widespread risks in the DeFi sector.

In August 2024, alone, more than $313 million was lost to various hacks, according to PeckShield, a security firm. The two biggest thefts that month accounted for $238 million in Bitcoin and $55 million in DAI. Additionally, phishing attacks have surged dramatically, with reports indicating a 215% rise in financial losses tied to phishing in August.

While fewer phishing attacks were recorded compared to July, the total value of stolen funds spiked significantly, with one major phishing scheme leading to a $55 million loss. This reflects how the nature of attacks has become more focused on higher-value targets, posing significant threats to the safety of investors and the stability of the broader crypto market.

In conclusion, the Penpie hack highlights ongoing security challenges in the DeFi space, with more than $27 million stolen and the PNP token seeing a dramatic 40% drop. As attacks on crypto platforms continue to rise, securing these systems remains a top priority for the industry.