On September 3, a hacker attacked the Penpie DeFi protocol and withdrew digital assets worth more than $27.3 million, PeckShield experts reported.
"The root cause was the introduction of a malicious market, which was used to inflate the staking balance in order to obtain unreasonable rewards," the experts explained.
According to a statement from the Penpie team, an internal monitoring system detected a suspicious contract funded from the Tornado Cash mixer. The developers paused deposits and withdrawals, as well as the operation of all markets on the platform.
According to them, timely action helped protect approximately $105 million that the hacker could theoretically have withdrawn from Penpie.
The team confirmed that the attacker had exploited a protocol feature that allowed markets to be listed without restrictions.
At the time of writing, the platform has returned to normal operation. Penpie offered the hacker the chance to be treated as a "white hat" by returning the funds in exchange for a reward. In return, he was promised confidentiality and no legal prosecution.
"We hope that you see the value in resolving this issue peacefully. Please contact us to discuss the details," the developers wrote.
PeckShield experts recorded the hacker transferring at least roughly 3000 ETH (~$7.32 million) to Tornado Cash for laundering.
The price of the Penpie token (PNP) reacted to the incident by collapsing from $1.33 to $0.89. It then recovered to around $0.98, a loss of 34.2% over the day (CoinGecko).
The coin's market capitalization is ~$5.15 million. According to DeFi Llama, the value of funds locked in Penpie smart contracts is $90.44 million; at the maximum, recorded in July, the figure exceeded $386 million.
The loss is >$27M if we take into account the stolen YT tokens and possibly loss from other chain. https://t.co/5bdhjf2WIH
— PeckShield Inc. (@peckshield) September 3, 2024
Post Mortem
Earlier today, a security breach targeting Penpie led to some loss of funds. In response, Pendle promptly paused our contracts, effectively safeguarding ~$105M that could have been further drained from Penpie.
Thanks to coordinated efforts from multiple parties,… https://t.co/KJd4SIRxPK
— Pendle (@pendle_fi) September 4, 2024
#PeckShieldAlert @Penpiexyz_io exploiter-labeled address 0x2f2d… 1C39 (Balance: 7.1K $ETH) has moved 1K $ETH (worth ~$2.4M) to the related laundering address 0xD440… 6cC3 (Laundering)
The laundering address 0xD440… 6cC3 has transferred another 100 $ETH to #TornadoCash pic.twitter.com/MW8RUPKrim
— PeckShieldAlert (@PeckShieldAlert) September 4, 2024