The Penpie protocol suffered a significant breach on September 3, with hackers siphoning off $27 million. Approximately 12 hours later, the attackers transferred about $7 million of the stolen funds through the crypto mixer Tornado Cash, according to Web3 security firm Cyvers. This transfer constituted 26% of the stolen funds and is part of a broader laundering effort by the hacker.
In response to the breach, the Penpie protocol took immediate action by suspending all deposits and withdrawals. Pendle, a decentralized finance (DeFi) protocol, reported that the first attack contract was deployed at 17:45 UTC on September 3. To prevent further damage, Pendle enlisted security experts Seal 911 to help mitigate the attack.
Pendle’s swift response included suspending all contracts, which effectively halted any additional attempts to drain assets from Penpie. This action preserved $105 million that could have been at risk. By 00:50 UTC, after thorough checks and coordination with relevant parties, Pendle’s contracts were safely reactivated, allowing normal operations to resume.
The Penpie attack underscores a growing trend of cyber threats in the cryptocurrency space. According to an Immunfi report from August 29, over $1.2 billion in funds have been stolen through hacks and exploits in 2024—a 15.5% increase compared to the same period in 2023. The FBI also issued a warning on September 3 about North Korean cybercriminals targeting DeFi and cryptocurrency firms through complex social engineering schemes.
In August alone, financial losses from hacks exceeded $313 million, with two major attacks resulting in the theft of approximately $238 million in Bitcoin (BTC) and $55 million in Dai (DAI), as reported by security firm PeckShield.
In another significant incident, India’s WazirX crypto exchange experienced one of the largest cyberattacks of 2024 in July, losing $234.9 million from a multisig wallet. The exchange has since been working on a phased plan to restore its financial operations and pursue legal action in Singapore. On September 3, WazirX announced that users can now withdraw up to 66% of their Indian rupee balances, marking a partial recovery from the attack.
As these events highlight ongoing vulnerabilities in the crypto industry, the need for robust security measures and proactive responses remains critical.
Get $200 Free Bitcoins every hour! No Deposit No Credit Card required. Sign Up