Penpie DeFi platform hit by $27 million security breach

The decentralised finance (DeFi) platform Penpie (CRYPTO:PNP), built on the Pendle (CRYPTO:PENDLE) network, reportedly suffered a major security breach on September 3, 2024, resulting in the loss of approximately $27 million in various wrapped and synthetic crypto assets.

The breach was first identified by the on-chain monitoring system Cyvers Alert, which detected the exploit involving a smart contract initially funded with 10 Ether (CRYPTO:ETH) via Tornado Cash (CRYPTO:TORN).

Following the breach, Penpie acknowledged the incident, referring to it as a "security compromise."

The team halted all transactions and announced efforts to address the situation.

Pendle, the network on which Penpie operates, also responded swiftly by conducting thorough investigations to ensure its own funds were secure.

As a precaution, Pendle temporarily paused all contracts and provided support to the Penpie team to help mitigate the impact of the breach.

The Pendle team released an initial post-mortem report detailing the timeline of events surrounding the attack.

According to the report, their system immediately flagged the suspect contract as potentially dangerous when it was deployed due to its connection with Tornado Cash.

In response, Pendle initiated defensive measures to protect the network and its broader ecosystem against any potential follow-up attacks.

The protocol also collaborated with cybersecurity firms like Seal 911 to develop strategies to prevent further risks.

After thorough checks, Pendle unpaused its contracts and resumed normal operations.

In an attempt to recover the stolen funds, Penpie has reached out to the hacker, proposing a negotiation for a bounty.

The DeFi platform has offered the hacker immunity, anonymity, and a white-hat role if they agree to return the stolen assets.

Penpie has pledged not to pursue legal action and has promised not to reveal the hacker's identity.

As of the latest update, it remains unclear whether the hacker has accepted Penpie’s offer or initiated contact with the platform's team.

While Penpie's operations are still on hold, the team is working to restore its front end to ensure users can access their funds securely.

At press time, Penpie (PNP) was priced at $0.9514.