A hacker robbed $27 million in Ethereum from Penpie and cleaned it using Tornado Cash.
Penpie offered a bounty and legal immunity, but the criminal ignored their attempts to recover the funds.
Tornado Cash helped the hacker hide the stolen ETH, making retrieval efforts futile.
A malicious individual stole $27M in ETH from Penpie and remitted it through Tornado Cash. The breach, which occurred on September 4, 2024, resulted in the theft of approximately 11,261 ETH. The perpetrator disregarded Penpie’s efforts to recuperate the funds and moved all the missing ETH through the crypto-mixing service.
Failed Negotiations and Bounty Offer
Penpie tried to get the stolen ETH back by offering the culprit a bounty and a chance to work with them as a white-hat hacker. The framework assured the thief they would not take legal action if the funds were returned. However, the criminal dismissed these offers and continued to launder the resources through Tornado currency.
https://twitter.com/WuBlockchain/status/1832607052759495040
Penpie also announced a 10% bounty for anyone who could provide information that would lead to the recovery of the stolen assets. Despite this incentive, the hacker transferred the entire $27 million in Ethereum through Tornado Cash, which is known for its ability to obscure cryptocurrency transactions.
Final Transfer Through Tornado Cash
On September 8, 2024, the hacker completed the final transfer of 1,661 ETH into Tornado Cash. On-chain analyst Yu Jin reported that this transaction happened just three hours before it was detected. This transfer marked the final step in laundering all the stolen Ethereum.
Tornado Cash, a network that blends crypto payments, allows users to eliminate the identifiable links between senders and receivers. Because of this, it has become a favoured weapon for cybercriminals. Even though there have been efforts to oversee it, Tornado Cash’s autonomous and private nature makes it hard to manage.
Security Issues in DeFi Platforms
The Penpie hack emphasises the security challenges faced by decentralised finance avenues. Penpie, built on the Pendle Finance protocol, aims to enhance liquidity provision and yield farming. It offers features that let users split and trade yield-bearing assets, maximising returns.
Yet, the distributed structure of DeFi stages also makes them vulnerable to attacks. The hacker’s ability to wash $27 million without being traced shows the difficulties in securing digital assets in this ecosystem. As of now, there has been no recovery of the stolen funds, leaving Penpie and its users with significant financial losses.
The situation raises an important question: How can DeFi platforms improve their security to prevent such breaches?
The post Penpie Hacker Launders $27M in Ethereum Through Tornado Cash Despite Bounty Offer appeared first on Crypto News Land.