The decentralized finance (DeFi) ecosystem has been rocked by another major security breach. Penpie, a protocol built on the Pendle platform, suffered a hack on September 3, 2024. The protocol informed that the breach resulted in the theft of approximately $27 million worth of cryptocurrency. This Penpie Defi Hack adds to the already concerning rise in crypto scams, pushing total losses for 2024 past the staggering $1.2 billion mark.
Details of the Penpie DeFi Hack
The Penpie post-mortem report sheds light on some specifics of the exploit. It reveals that the attacker leveraged a vulnerability in Penpie’s reward distribution mechanism. This vulnerability allowed the attacker to deploy a malicious smart contract, categorized as an “evil market,” that inflated the attacker’s staking balance on the platform. By manipulating this balance, the attacker could claim a significantly larger share of rewards than intended, ultimately draining millions of dollars worth of crypto assets.
Following the hack, the blockchain suspended all deposits and withdrawals, effectively halting operations to prevent further losses. The team also filed complaints with both the Singapore police and the FBI. They also sent a message to the hacker promising a negotiated bounty payment in exchange for the safe return of funds.
“We acknowledge your exploit of our protocol,” they wrote. “Please contact us to discuss terms confidentially. No legal action will be pursued if the funds are returned. Let’s find a mutually beneficial solution.”
Euler Finance Cybercriminal Lauds Penpie Hacker
Soon after the incident, reports emerged that the Penpie hacker quickly moved a significant portion of the stolen funds – around $7 million – through the crypto mixer Tornado Cash. These mixers are designed to obfuscate the origin and destination of cryptocurrency transactions, making them a popular tool for criminals seeking to launder ill-gotten gains.
Following the crypto hack, another infamous Euler Finance hacker, responsible for a $195 million DeFi heist in 2023, left on the blockchain. The message, directed at the Penpie hacker, expressed praise for their decision not to return the stolen funds.
“Good job bro. I didn’t see a hack like this for a while. I’m happy you kept all the money and didn’t let these bastards get back one dollar of what you took. You won, they lost. Good job,” they wrote.
Over 9,000 Victims in August Due to Cyrpto Phishing Scams: Report
Unfortunately, the Penpie incident is just one in a series of major DeFi hacks in 2024. The cryptocurrency landscape continues to be plagued by cyberattacks, with the total value of stolen funds in 2024 surpassing $1.21 billion. This represents a 15.5% increase compared to the previous year, according to a report by Immunfi. The losses are spread across 154 separate incidents, with the majority occurring in the DeFi space.
August 2024 was particularly alarming for crypto investors, as hackers exploited various vulnerabilities to steal millions of dollars. Two major attacks during this period resulted in the theft of approximately $238 million in Bitcoin and $55 million in Dai.
Phishing scams also saw a significant surge in August, with Scam Sniffer reporting a 215% increase in stolen funds compared to the previous month. Over 9,000 victims fell prey to these scams, losing about $63 million. A single large-scale phishing attack accounted for the majority of these losses, with approximately $55 million stolen.
Regulation and the Future of DeFi
The increasing frequency of DeFi hacks has also sparked discussions surrounding potential regulations. While some advocate for a more hands-on approach from regulatory bodies, others argue that such measures may stifle innovation and the core principles of DeFi.
Finding the right balance between security and innovation remains a challenge. However, it’s clear that addressing security vulnerabilities will be essential for fostering long-term trust and stability in the DeFi ecosystem.
