DeFi project Pendle recently faced a potential drain of approximately $105 million following a significant hack involving Penpie, an independent yield optimizer operating within the Pendle ecosystem. Despite suffering a loss of around $27.3 million due to the exploit, Pendle's quick response to pause its contracts prevented further losses, allowing the platform to resume its operations swiftly.
Pendle Potential Hack: Over $27 Million Lost to The Attack
The attack occurred on Tuesday at 17:45 UTC when the attacker deployed a malicious contract funded through Tornado Cash, which interacted with Pendle's contracts. Pendle's internal monitoring system promptly detected this suspicious contract, triggering immediate alerts within the team.
By 17:46 UTC, Pendle's team was on high alert, initiating a swift investigation to assess the potential threat posed by the contract. Just minutes later, at 18:23 UTC, the attacker executed the first attack on Penpie, exploiting a vulnerability associated with a feature that enabled the permissionless listing of Pendle markets.
In response to the exploit, Pendle's team acted decisively to defend the platform and the broader ecosystem against further attacks. By 18:34 UTC, they engaged the services of security firm Seal 911 to evaluate the threat and devise strategies to prevent additional breaches.
At 18:45 UTC, Pendle made the crucial decision to pause all its contracts, effectively stopping any further exploitation attempts and safeguarding approximately $105 million from being drained. The platform also proactively communicated with other protocols using Pendle Principal tokens (PTs) as collateral, ensuring that the wider ecosystem was protected from the same vulnerability.
Restoration Process: PNP token Dip By more Than 33% Following Penpie Attack
By 18:52 UTC, Pendle's development team confirmed the safety of contracts within Pendle's scope, clarifying that the attack was limited to Penpie due to its specific vulnerability. Blockchain security firm PeckShield identified the root cause of the breach, attributing it to an "evil market" introduced by the attacker to manipulate staking balances on Penpie.
Despite the prompt response from Pendle, the attacker managed to siphon off approximately $27.3 million worth of assets, converting them into 11,109 ETH, according to blockchain analytics provider Lookonchain. Following extensive checks and confirmation that other platforms in the ecosystem were secure, Pendle resumed its contracts at 00:50 UTC on Wednesday.
Pendle expressed appreciation for everyone who contributed to the response efforts, highlighting the company's ongoing focus on platform safety and security. Despite the robust response, Penpie's PNP token experienced a sharp decline of more than 33%, while Pendle's native token also faced a drop of around 9% in the aftermath of the incident.
Penpie expressed a willingness to negotiate with the attacker, proposing a deal that included no legal action, confidentiality of the attacker's identity, and a bounty reward in exchange for cooperation. Speculation arose that the hack might be linked to North Korean hackers following a recent FBI warning about sophisticated cyberattacks targeting crypto and DeFi companies.
