Decentralized finance (DeFi) protocol Penpie, built on top of tokenized yield platform Pendle, suffered an exploit on Wednesday, crypto observers reported.
Withdraw ALL funds from penpie ASAP. Their front end is broken rn so i withdrew my funds via contract.
— AzFlin (@AzFlin) September 3, 2024
To withdraw via contract: Go to https://t.co/LDc5tg4PZv. Call `withdrawMarketWithClaim()` with appropriate params. You can get your market and amount params by examining your… https://t.co/g85xG6vlgs
The alleged exploiter drained roughly $27 million of crypto assets including various types of staked ether (ETH), Ethena's sUSDE and wrapped USDC stablecoin from the protocol, blockchain data shows. Later, it converted the proceeds to ETH using predominantly Li.fi and forwarded to asset to a new address, according to Etherscan data.
The exploiter's address was originally funded with 10 ETH, worth roughly $25,000, via crypto mixer Tornado Cash a few hours before the exploit took place, data shows.
Pendle confirmed that it identified a security compromise on Penpie's protocol and will maintain close communication with the team. Pendle added that investors' funds are safe on Pendle, but temporarily paused all contracts as a precautionary measure.
Penpie's token (PNP) cratered following the exploit, declining 40% in total during the day, CoinGecko data shows. Pendle (PENDLE) was down nearly 8% over the past 24 hours, underperforming bitcoin's (BTC) and ETH's 1%-3% decline.
DeFi protocols are prone to hacks and exploits, and Penpie's attack was the latest example of that. Digital asset users lost some $2 billion in scams, hacks and exploits throughout 2023, De.fi reported earlier.