According to CoinDesk, decentralized finance (DeFi) protocol Penpie, built on the tokenized yield platform Pendle, experienced an exploit on Wednesday. Crypto observers reported that the alleged exploiter drained approximately $27 million in crypto assets, including various types of staked ether (ETH), Ethena's sUSDE, and wrapped USDC stablecoin from the protocol. Blockchain data shows that the proceeds were later converted to ETH using predominantly Li.fi and forwarded to a new address, as per Etherscan data.
The exploiter's address was initially funded with 10 ETH, worth roughly $25,000, via the crypto mixer Tornado Cash just a few hours before the exploit occurred. Pendle confirmed that it identified a security compromise on Penpie's protocol and stated that it would maintain close communication with the team. Pendle assured that investors' funds are safe on Pendle but temporarily paused all contracts as a precautionary measure.
Following the exploit, Penpie's token (PNP) plummeted, declining 40% throughout the day, according to CoinGecko data. Pendle (PENDLE) also saw a decrease, down nearly 8% over the past 24 hours, underperforming bitcoin (BTC) and ETH's 1%-3% decline. DeFi protocols are often vulnerable to hacks and exploits, and Penpie's attack is the latest example. Digital asset users lost approximately $2 billion in scams, hacks, and exploits throughout 2023, as reported by De.fi earlier.