DeFi Project Pendle Successfully Protects $105 Million Following Hack on Penpie, but Loses $27.3 Million

• The DeFi project Pendle successfully protected around $105 million in funds following a hack on its ecosystem.
• Coordinated efforts from multiple parties mitigated further breaches and normal operations have resumed.
• The attacker exploited Penpie's protocol for $27.3 million, exchanging stolen assets for 11,109 ETH.
• The root cause was the introduction of an "evil market" contract that inflated staking balances.
• Pendle confirmed the vulnerability and suspended all deposits and withdrawals.
• Crypto phishing attacks surged by over 215% in August, resulting in losses exceeding $55 million.

Summary :
DeFi project Pendle has announced that it successfully protected around $105 million in funds following a hack on its ecosystem yield optimizer, Penpie. The project paused its contracts and coordinated efforts from multiple parties to mitigate further breaches. However, the attacker still managed to exploit Penpie's protocol for approximately $27.3 million. The root cause of the hack was the introduction of a malicious contract that inflated staking balances. Pendle confirmed that the vulnerability was linked to a unique feature that allowed permissionless listing of Pendle markets on Penpie. The project reassured users that funds on Pendle remain safe and unaffected. Meanwhile, the hacker behind the WazirX breach has transferred $6.5 million worth of stolen funds through the crypto mixer Tornado Cash. WazirX is in the process of restructuring and has implemented a 66% limit on users' Indian rupee withdrawals. The hacker's address has made 26 transfers to Tornado Cash, attempting to launder the stolen funds. The hacker responsible for the WazirX exploit is believed to be associated with the North Korean Lazarus Group.

Sources :

- TheBlock
- CoinTelegraph
- CoinTelegraph