Hacker Behind DeFi Protocol Penpie Moves $7M to Tornado Cash

On September 3, the Penpie protocol experienced a significant security breach, with hackers stealing approximately $27 million worth of crypto assets from the platform. Current data shows that around $7 million of the stolen funds were transferred through the crypto mixer Tornado Cash to an unnamed wallet.

🚨ALERT🚨@Penpiexyz_io exploiter has deposited around $7M to @TornadoCash at https://t.co/f17YcJ6blH

Want to keep your company off our alerts radar? Learn how to secure your assets: Book a Demo 🚀 https://t.co/uUbFkFTp4h#CyversAlert https://t.co/zFX85sK9A9 pic.twitter.com/J20g3HS2T0

— 🚨 Cyvers Alerts 🚨 (@CyversAlerts) September 4, 2024

What is Penpie?

Penpie is a decentralized finance (DeFi) platform that operates as a yield aggregator. It uses the Pendle protocol, which allows users to tokenize and trade future yields on various assets.

Essentially, Pendle enables users to separate and sell the future income (interest or returns) generated by their assets from the principal amount. This mechanism helps Penpie optimize and automate the yield farming process, aiming to maximize returns for its users. The recent breach was linked to vulnerabilities in Pendle’s underlying technology, directly impacting Penpie’s operations.

Penpie Temporarily Halts Operations

In response to the breach, Penpie immediately suspended all deposits and withdrawals to limit the damage. Pendle, which provides the technology behind Penpie, acted quickly by suspending its contracts and enlisting the help of security experts from Seal 911. This swift action was crucial in preventing further theft and protecting an additional $105 million from being compromised.

By September 4 at 00:50 UTC, Pendle had completed a thorough review and coordinated with all relevant parties to resume normal operations and reactivate its contracts safely. Pendle confirmed that the funds were protected due to a prompt suspension of its contracts. The project stated:

“Thanks to coordinated efforts from multiple parties, further breaches were prevented, and Pendle’s contracts have now been reactivated. Normal operations have resumed.”

Pendle also reassured users that their funds remain secure and unaffected, emphasizing their commitment to prioritizing the platform’s safety and security. However, Penpie’s operations are still paused at press time.

Following the incident, Penpie’s PNP token fell by over 33%, according to CoinGecko, while Pendle’s native token (PENDLE) dropped approximately 9% in the past 24 hours. Notably, Penpie has proposed negotiating with the hacker. The platform offered to forgo legal action, keep the hacker’s identity confidential, and provide a bounty reward in exchange for cooperation.