Decentralized Finance (DeFi) platform Penpie, built on the Pendle network, reportedly suffered a major exploit on September 3, 2024.
According to the real-time on-chain monitoring system Cyvers Alert, the hack led to the loss of at least $26 million in various wrapped and synthetic crypto assets.
Details of the Attack Emerge
The security surveillance company stated that the attack on Penpie was initiated by a smart contract that had been initially funded to the tune of 10 ether (ETH) via Tornado Cash.
The affected protocol later acknowledged the breach, saying that it had experienced a “security compromise.” The team behind the project also informed users that all transactions had been stopped and that they were working on addressing the issue.
Pendle, on which the drained platform operates, also took to social media, stating that it had identified the attack. It also assured users that after carrying out “thorough investigations,” it had concluded that its own funds were safe. However, as a precaution, the network also paused all contracts and offered assistance to the Penpie team to help resolve the incident.
Defensive Measures and Post-Mortem
The platform later released an initial post-mortem report, detailing the timeline of events that occurred before, during, and after the incident.
In the report, the Pendle team divulged that their system flagged the contract suspected to be behind the theft immediately after it was deployed, as it had been funded from Tornado Cash.
They immediately went on high alert, scrutinizing the contract’s potential security threat against the network. It was at that time that the Penpie exploit happened, causing the Pendle team to initiate defensive measures to protect the network and its broader ecosystem against any follow-up attacks.
The protocol also enlisted the help of other cyber security bodies, including Seal 911, to develop strategies to mitigate further risks. However, after further checks, Pendle unpaused its contracts at 0050 UTC and resumed normal operations.
On its part, Penpie has reached out to the unknown hacker and advocated for a “positive resolution” to the incident.
In its overture, the DeFi project indicated its willingness to negotiate a bounty with the perpetrator that would allow for the safe return of the stolen funds. Further, it pledged that it would not take any legal action against the exploiter if they agreed to the offer that would see them take on a white-hat role. It also assured them that their identity would not be revealed.
However, at the time of going to press, it was not clear whether the attacker had taken up Penpie’s offer or if they had contacted the protocol’s team in any way. In the meantime, its operations remain paused, and the team is working on reestablishing its front end to ensure users access their funds.
Binance Free $600 (CryptoPotato Exclusive): Use this link to register a new account and receive $600 exclusive welcome offer on Binance (full details).
LIMITED OFFER 2024 at BYDFi Exchange: Up to $2,888 welcome reward, use this link to register and open a 100 USDT-M position for free!
The post appeared first on CryptoPotato