- Penpie protocol lost $27M in a hack, with $7M funneled through Tornado Cash within 12 hours.
- DeFi protocols face rising security threats, as $1.2B has been stolen in 2024.
- Penpie and Pendle suspended operations to prevent further losses and secure $105M.
On September 3, 2024, there was a major security breach in the Penpie protocol when a hacker stole $27 million by taking advantage of flaws. Serious questions concerning the security of the decentralized finance (DeFi) industry have been raised by this incident.
The hacker used Tornado Cash, a well-known cryptocurrency mixer, to channel $7 million of the stolen money about 12 hours after the first theft. This action brought to light persistent problems in the DeFi space, where security breaches continue to cause significant financial losses.
Hackers Target DeFi Protocols Amid Rising Security Risks
Notably, The quick transfer of money to Tornado Cash highlights the difficulties DeFi protocols have in protecting assets. Tornado Cash is frequently used to obscure the source and destination of bitcoin transactions ,making it more challenging for law enforcement to follow the flow of pilfered money. Because these tools make it relatively easy for cybercriminals to launder large amounts of money, they pose a serious threat to the integrity of DeFi platforms.
Cyvers, a Web3 security company, informed the public about the hacker’s activities on September 4. Of the money taken, 26% was transferred by the hacker to a Tornado Cash address. The crypto community is now more concerned than ever about how effective the security measures in place are.
Furthermore, according to PeckShield, a blockchain security company, the hacker’s address kept transferring the money to different Tornado Cash addresses through a number of transactions. These developments point to a more comprehensive attack strategy used by the attacker to hide their tracks and complicate recovery operations.
Penpie Protocol Suspends Operations Following the Attack
Consequently, the Penpie protocol immediately suspended all deposits and withdrawals in response to the breach. The purpose of this action was to protect the platform’s remaining assets and stop additional losses.
Additionally, Pendle, a DeFi protocol connected to Penpie, stepped in and suspended all of its contracts. This precaution was essential in preventing any further attacks and safeguarding an additional $105 million that might have been compromised.
Pendle contacted the security company Seal 911 in an effort to help prevent any similar attacks. These organizations’ concerted efforts assisted in controlling the situation and averting additional harm. But the incident has highlighted the continuous weaknesses in the DeFi ecosystem and the pressing need for improved security measures.
DeFi Sector Faces Increasing Pressure to Enhance Security
The hacking of Penpie is not an isolated event. Security breaches in the DeFi sector have been steadily rising since 2024. An Immunfi report dated August 29 states that this year alone, hacks and exploits have stolen more than $1.2 billion.
Notably, this data shows that the threat to DeFi platforms is increasing, with a 15.5% increase from the same period in 2023. Moreover, the Federal Bureau of Investigation (FBI) of the United States has cautioned that cybercriminals from North Korea are increasingly focusing on DeFi and cryptocurrency companies.
Additionally, the ongoing difficulties facing the DeFi industry are starkly brought to light by the Penpie hack. Strong security measures are required as the industry expands in order to guard against increasingly complex attacks.
Penpie and Pendle’s prompt and well-coordinated response is praiseworthy. However, it also emphasizes how urgent it is to strengthen security measures throughout the whole DeFi ecosystem.