Share this article
DeFi Protocol Penpie Exploited for $27M of Crypto Assets; PNP Token Craters 40%
Crypto users lost some $2 billion due to hacks, scams and exploits throughout 2023, one report said.
Updated Sep 3, 2024, 8:46 p.m. Published Sep 3, 2024, 8:43 p.m. 1 min read
Decentralized finance (DeFi) protocol Penpie, built on top of tokenized yield platform Pendle, suffered an exploit on Wednesday, crypto observers reported.
Withdraw ALL funds from penpie ASAP. Their front end is broken rn so i withdrew my funds via contract.
— AzFlin (@AzFlin) September 3, 2024
To withdraw via contract: Go to https://t.co/LDc5tg4PZv. Call `withdrawMarketWithClaim()` with appropriate params. You can get your market and amount params by examining your… https://t.co/g85xG6vlgs
The alleged exploiter drained roughly $27 million of crypto assets including various types of staked ether {{ETH}}, Ethena's sUSDE and wrapped USDC stablecoin from the protocol, blockchain data shows. Later, it converted the proceeds to ETH using predominantly Li.fi and forwarded to asset to a new address, according to Etherscan data.
The exploiter's address was originally funded with 10 ETH, worth roughly $25,000, via crypto mixer Tornado Cash a few hours before the exploit took place, data shows.
Pendle confirmed that it identified a security compromise on Penpie's protocol and will maintain close communication with the team. Pendle added that investors' funds are safe on Pendle, but temporarily paused all contracts as a precautionary measure.
Penpie's token (PNP) cratered following the exploit, declining 40% in total during the day, CoinGecko data shows. Pendle (PENDLE) was down nearly 8% over the past 24 hours, underperforming bitcoin's and ETH's 1%-3% decline.
DeFi protocols are prone to hacks and exploits, and Penpie's attack was the latest example of that. Digital asset users lost some $2 billion in scams, hacks and exploits throughout 2023, De.fi reported earlier.
More For You
Ronghui Gu shares tips on how to isolate AI agents while testing them so they do not have access to critical personal information or digital assets.
What to know:
- Security firm CertiK warns that the rapid deployment of autonomous AI agents, often unisolated and unvetted, is creating a massive and dangerous “security debt” across networks and applications.
- By granting AI agents access to local files, credentials and financial tools, users are effectively creating powerful insider threats that can be...
Top Stories
