Pendle Defi Project Protects $105M from Potential Drain After Penpie Hack

In a swift and coordinated response, DeFi project Pendle successfully protected approximately $105 million from a potential drain following a significant hack involving Penpie, an independent yield optimizer built on the Pendle ecosystem.

Despite the attacker exploiting Penpie’s protocol, leading to a loss of around $27.3 million, Pendle’s rapid actions to pause its contracts prevented further losses, allowing the platform to resume normal operations quickly.

Pendle Potential Hack: Over $27 Million Lost to The Attack

The attack happened on Tuesday at 17:45 UTC. The attacker deployed a malicious contract funded through Tornado Cash, which interacted with Pendle’s contracts.

Pendle’s in-house monitoring system promptly detected this suspicious contract, setting off immediate alarms within the team.

By 17:46 UTC, Pendle’s team was on high alert, launching a rapid investigation to determine whether the contract posed a real threat to their platform.

Just minutes later, at 18:23 UTC, the attacker executed the first attack on Penpie, compromising its security.

Penpie, an independent protocol within the Pendle ecosystem, was specifically targeted due to a vulnerability tied to a feature that allowed permissionless listing of Pendle markets.

As the exploit unfolded, Pendle’s team mobilized swiftly to defend both Pendle and the broader ecosystem against any subsequent attacks.

By 18:34 UTC, they had enlisted the expertise of security firm Seal 911 to assist in evaluating the threat and developing appropriate strategies to prevent further breaches.

At 18:45 UTC, Pendle made the critical decision to pause all of its contracts. This decisive action successfully halted any further exploitation attempts, effectively safeguarding approximately $105 million from being drained.

Simultaneously, Pendle proactively communicated with other protocols utilizing Pendle Principal Tokens (PTs) as collateral, alerting them to the contract pause to prevent any unintended consequences, such as liquidations, during the disruption.

The response involved contacting liquid locker protocols like Equilibria and StakeDAO, ensuring that the broader ecosystem was shielded from the same exploit vector.

Restoration Process: PNP Token Dip By More Than 33% Following Penpie Attack

By 18:52 UTC, Pendle’s development team confirmed that the contracts within Pendle’s scope were safe, affirming that the attack was isolated to Penpie due to its specific vulnerability.

Blockchain security firm PeckShield further identified the root cause of the breach.

It revealed that the attacker had introduced an “evil market,” a malicious contract that inflated staking balances on Penpie to fraudulently claim rewards.

Despite Pendle’s quick response, the attacker managed to siphon off approximately $27.3 million worth of assets, which were converted into 11,109 ETH, according to blockchain analytics provider Lookonchain.

In the following hours, Pendle coordinated closely with all relevant parties to confirm that other platforms within the ecosystem were not at risk.

After rigorous checks and confirmation that Penpie had paused its own contracts and that there were no broader exposures, Pendle safely unpaused its contracts at 00:50 UTC on Wednesday.

The company extended gratitude to various individuals and teams who contributed to the response, emphasizing that the safety and security of the platform remain top priorities.

Despite Pendle’s robust response, Penpie’s impact was significant, with its PNP token plummeting by more than 33% immediately following the incident, as reported by CoinGecko.

Pendle’s native token also faced a decline, dropping around 9% over the following 24 hours.

In the aftermath, Penpie expressed willingness to negotiate with the attacker, proposing a deal that included no legal action, confidentiality of the attacker’s identity, and a bounty reward in exchange for cooperation.

Speculation had it that this might be the work of North Korean hackers because it followed a recent warning from the FBI about the sophisticated attack they targeted on crypto and DeFi companies.