Decentralized financial platform Penpie was attacked by hackers who stole $27 million worth of Ethereum cryptocurrency. Penpie immediately suspended all operations and contacted the Singapore Police and FBI.
The attack on the Penpie platform was caused by a vulnerability that allowed attackers to reuse contracts. As a result, they were able to receive an illegal reward and withdraw funds; Penpie approached the hackers with an offer to return part of the stolen funds in exchange for a reward and avoid legal consequences. However, the attackers continued to move the stolen assets between different blockchain addresses.
Pendle, provided by Penpai, was able to prevent further potential losses of US$105 million by quickly suspending the contract. Penpie said it would conduct a new audit of the system and develop a compensation plan for affected users.
Penpy launched its service in June 2023 and has already been audited twice. The issue was caused by a newly implemented feature that caused a security vulnerability. The attack was carried out against the background of warnings by the FBI about the increased activity of North Korean hackers in the cryptocurrency space.