In a dramatic turn of events on Tuesday, DeFi project Pendle faced a significant security challenge when its ecosystem yield optimizer, Penpie, was compromised. However, thanks to swift action and effective risk management, Pendle successfully safeguarded approximately $105 million in funds that could have otherwise been drained.
The breach, which became apparent early Wednesday morning, was promptly contained when Pendle’s team initiated a strategic pause on its contracts. “Thanks to coordinated efforts from multiple parties, further breaches were mitigated, and Pendle contracts have now been unpaused. Normal operations have resumed,” Pendle reassured its community in a post on X (formerly Twitter).
Despite the quick response, the attacker managed to exploit Penpie’s protocol, siphoning off roughly $27.3 million. The stolen assets were exchanged for 11,109 ETH, as detailed by blockchain analytics firm Lookonchain. According to blockchain security expert PeckShield, the attack was facilitated by an “evil market”—a malicious contract designed to inflate staking balances on Penpie and extract unwarranted rewards.
Pendle confirmed that the vulnerability stemmed from Penpie’s feature allowing permissionless market listings. Although Pendle’s in-house monitoring system promptly detected the suspicious contract—funded through Tornado Cash—it was unable to halt the initial attack.
Following the exploit, Penpie’s PNP token plummeted by more than 33%, based on data from CoinGecko. Pendle’s native token also saw a decline of approximately 9% over the past 24 hours, as reported by The Block’s Pendle Price Page.
Also Read: Whale Moves $3.8 Million PENDLE to Binance: Profit Taking Moves or Is a Bull Run Brewing?
In a bid to resolve the situation, Penpie has offered a unique proposition to the hacker. The platform is open to negotiating a deal that would see no legal action taken against the attacker, who would remain anonymous and receive a percentage of the stolen funds as a bounty reward. Penpie remains paused as it works to restore its systems and secure its protocols.
This incident underscores the ongoing challenges and risks within the DeFi sector, highlighting the critical need for robust security measures and rapid response strategies. As Pendle continues to navigate the aftermath, its proactive measures have so far succeeded in protecting the majority of its assets and restoring confidence in its platform.
Disclaimer: The information in this article is for general purposes only and does not constitute financial advice. The author’s views are personal and may not reflect the views of Chain Affairs. Before making any investment decisions, you should always conduct your own research. Chain Affairs is not responsible for any financial losses.
About The Author
