Decentralized finance (DeFi) protocol Penpie recently fell victim to an exploit that took millions of dollars' worth of several crypto assets.
Penpie, a DeFi protocol based on Pendle, recently fell victim to an exploit in which millions of dollars' worth of several crypto assets were drained from the protocol. Pendle addressed the incident in a post-mortem post, revealing that its quick response prevented further losses to the tune of over $100 million in users’ funds.
According to reports, the crypto heist took place on Tuesday, with the malicious actor exploiting a vulnerability in Penpie’s reward distribution mechanism. The vulnerability stemmed from a Penpie-only feature that permitted permissionless listing of Pendle markets on Penpie.
The attacker used an “evil market” contract to inflate the staking balance and claim unwarranted rewards. As a result, they were able to drain $7.87 million in wstETH, $2.51 million in sUSDe, $3.4 million in agETH, $2.22 million in rswETH, and four other Pendle-related yield tokens from the protocol.
Following the exploit, the hacker swapped the crypto assets for 11,113 ETH using the Li.fi protocol. The stolen funds, worth $27.3 million, were later transferred to crypto mixer Tornado Cash.
The Penpie team sent a message to the attacker, asking them to “amicably” resolve the incident. The team acknowledged the project’s vulnerability and the exploit’s role in bringing it to light, and proposed a white hat bounty for the safe return of the funds.
Additionally, they offered the attacker an opportunity to “transition into a white-hat role, where your skills will be acknowledged and rewarded.” The team assured the attacker that their identity would remain confidential and that it would not pursue any legal action against them.
As of this writing, there are no reports of a resolution between the exploiter and the protocol’s team.