Penpie Protocol offers bounty after $27 million crypto heist, stolen funds laundered via Tornado Cash

Penpie Protocol offers bounty after $27 million crypto heist, stolen funds laundered via Tornado Cash
фото показано с : invezz.com

2024-9-5 16:00

In a devastating blow to the decentralized finance (DeFi) community, Penpie Protocol, built on top of the tokenized yield platform Pendle, suffered a $27 million exploit on September 3, 2024.

The attacker managed to siphon off a range of digital assets, including staked Ether (ETH), Ethena’s sUSDE, and wrapped USDC.

In response, Penpie has suspended all deposits and withdrawals while offering a negotiable bounty for the safe return of the stolen funds.

The protocol has promised not to pursue legal action if the funds are returned and to maintain the attacker’s anonymity, emphasizing the significance of these funds to its community.

Exploiter launders funds through Tornado Cash

Data from Etherscan reveals that the stolen funds, totaling over 11,113 ETH (approximately $27 million), were swapped for ETH using the Li.Fi protocol before being transferred to a separate laundering address identified as “0x..cC3.”

This address was subsequently used to funnel the funds into Tornado Cash, a well-known cryptocurrency mixer.

Before the attack, the exploit wallet was funded with 10 ETH, also transferred via Tornado Cash just hours before the heist.

At the time of reporting, the attacker had laundered 3,000 ETH through Tornado Cash across 30 transactions, each moving 100 ETH.

The attacker still holds 7,113.2 ETH (around $17 million) in an address labeled “0x2..C39.”

How the exploit happened

Security firm PeckShield identified that the exploit was carried out using a malicious contract dubbed “evil market.”

This contract exploited a vulnerability in Penpie’s reward distribution mechanism by inflating staking balances to claim unearned rewards.

The flaw, as outlined in Pendle’s post-mortem report, allowed anyone to create Pendle markets on Penpie without restrictions, which opened the door to this significant breach.

Following the attack, Penpie Protocol halted all operations, and Pendle temporarily paused all contracts as a precautionary measure to prevent further damage.

Impact on Penpie’s native token

The exploit had an immediate impact on Penpie’s native token, PNP, which saw its price plummet by roughly 40% in the aftermath.

Pendle’s native token, PENDLE, also dropped over 8%.

Although PNP has since made a modest recovery, it remains down 28.8% on the 24-hour chart, reflecting the ongoing uncertainty and shaken confidence in the protocol.

This incident adds to a growing list of security breaches in the crypto space.

According to PeckShield, crypto hacks resulted in approximately $266 million in losses in July, rising to $313 million in August.

Phishing attacks were particularly prevalent, accounting for 93.5% of all stolen crypto in August.

Among the most significant losses, 9,145 victims collectively lost around $63 million to phishing attacks in August alone.

In one particularly severe case, a whale lost $55.47 million worth of DAI after signing a malicious transaction.

Earlier this year, another significant attack saw memecoin deployer Pump.fun exploited for nearly $2 million in a “bonding curve” attack. These incidents underscore the persistent security challenges facing the DeFi space and highlight the urgent need for robust protective measures to safeguard investor assets.

As Penpie seeks to recover from this attack, the outcome of the bounty offer remains to be seen. However, the incident serves as a stark reminder of the risks inherent in the rapidly evolving world of decentralized finance.

The post Penpie Protocol offers bounty after $27 million crypto heist, stolen funds laundered via Tornado Cash appeared first on Invezz

Similar to Notcoin - Blum - Airdrops In 2024

origin »

Cashcoin (CASH) на Currencies.ru

$ 0.0004289 (+0.63%)
Объем 24H $2
Изменеия 24h: -19.83 %, 7d: -30.46 %
Cегодня L: $0.0004262 - H: $0.0005443
Капитализация $22.93k Rank 999999
Доступно / Всего 53.458m CASH

million tornado penpie bounty cash hackers exploit

million tornado → Результатов: 53


Busted! North Korea Caught Laundering Millions Via Shady Crypto Mixer

Once more, North Korea has demonstrated its cyber prowess, possibly undermining international sanctions by using cryptocurrencies. According to a recent assessment by UN sanctions monitors, North Korea is suspected of using the Tornado Cash platform to launder a whopping $148 million that was taken from a cryptocurrency exchange in March. This event highlights how difficult […]

2024-5-15 12:30


Фото:

North Korean Lazarus group funnels over $100 million in Ethereum through sanctioned mixer Tornado Cash in 8 days

North Korea-backed Lazarus group has stepped up their use of sanctioned crypto mixer Tornado Cash, moving over $100 million worth of Ethereum through the platform in the past week. According to blockchain security firm PeckShield, addresses linked to the exploiters of Justin Sun-linked HTX exchange and Heco Bridge have transferred 40,391 ETH, equivalent to $145.

2024-3-22 16:13


Elliptic: за атакой на Horizon могут стоять хакеры Lazarus

Специалисты компании Elliptic заявили, что за атакой на кроссчейн-мост Horizon может стоять связанная с Северной Кореей хакерская группировка Lazarus. There are strong indications that North Korea’s Lazarus Group may be responsible for the $100 million Harmony heist | 41% of the stolen cryptoassets have been moved through the Tornado Cash mixer | Read our analysis:https://t.

2022-6-30 08:15