Penpie DeFi Protocol Loses $27 Million: Crypto Theft Surpasses $1.2 Billion in 2024

Digital Forensics: TLDR:

• Penpie DeFi protocol was hacked for $27 million in cryptocurrency
• The hacker received praise from another notorious crypto thief
• Penpie has suspended deposits and withdrawals and filed reports with authorities
• Crypto hacks have stolen $1.21 billion in 2024, a 15.5% increase from 2023
• August 2024 saw a 215% rise in phishing attacks, with over $63 million stolen

On September 3, 2024, the Penpie decentralized finance (DeFi) protocol suffered a major security breach, resulting in the theft of approximately $27 million worth of cryptocurrency.

The incident is part of a growing trend of cyber attacks targeting the crypto industry, with total losses from hacks reaching $1.21 billion so far in 2024.

Penpie, an independent DeFi protocol built on the Pendle platform, confirmed that $27,348,259 worth of Ethereum was stolen during the attack. In response, the protocol has suspended all deposits and withdrawals to prevent further losses.

The Penpie team quickly took action, filing reports with both the Singapore police and the FBI’s Internet Crime Complaint Center (IC3).

In an attempt to recover the stolen funds, Penpie sent messages to the hacker, offering a negotiated bounty payment in exchange for the safe return of the assets.

The team also promised not to pursue legal action if the funds were returned. However, these efforts appear to have been unsuccessful, as the hacker continued to move the stolen cryptocurrency to different blockchain addresses.

The Penpie hack caught the attention of another notorious crypto thief – the individual responsible for the $195 million Euler Finance exploit in March 2023. In an on-chain message, the Euler hacker praised the Penpie attacker,

saying, “Good job bro. I didn’t see a hack like this for a while. I’m happy you kept all the money and didn’t let these bastards get back one dollar of what you took. You won, they lost. Good job.”

Pendle, the platform on which Penpie was built, reported that their internal security system detected the attack almost immediately.

While unable to prevent the $27 million loss from Penpie, Pendle’s quick actions reportedly stopped the hackers from taking an additional $105 million from other protocols on their platform.

The Penpie team acknowledged that the vulnerability exploited in this attack was related to a new feature introduced in May 2024. While previous audits had caught a portion of the vulnerability, which was believed to have been resolved, the addition of the new feature reintroduced the issue.

The company admitted that they should have conducted a full audit after adding new features and pledged to do so before restarting operations.

This incident is part of a larger trend of increasing crypto thefts in 2024. According to a report from Immunfi, the $1.21 billion stolen so far this year represents a 15.5% increase from 2023. The losses are spread across 154 separate incidents, with the majority occurring in the DeFi space.

August 2024 was particularly notable for crypto-related crimes. Security firm PeckShield reported that monetary losses from hacks exceeded $313 million during the month, with two significant attacks resulting in the theft of approximately $238 million in Bitcoin and $55 million in Dai.

Phishing attacks also saw a significant surge in August, with Scam Sniffer reporting a 215% increase in stolen funds compared to July.

Over 9,000 victims lost about $63 million to crypto phishing scams during the month, with most of the stolen amount attributed to one large-scale attack that led to a $55 million loss.