- Penpie DeFi protocol hacked for $27 million on Sept. 3, 2024.
- Hacker sent $7M to crypto mixer Tornado Cash to obscure funds.
- Euler Finance hacker commended the Penpie hacker for keeping the stolen funds.
- The Penpie platform suspended deposits and withdrawals following the exploit.
$27M Penpie DeFi Hack Gains Praise from Notorious Hacker
The Penpie decentralized finance (DeFi) protocol fell victim to a massive exploit on September 3, 2024, with hackers making off with $27 million worth of digital assets. In response to the breach, Penpie suspended all deposits and withdrawals to prevent further losses. Shortly after, the hacker funneled $7 million of the stolen assets through the crypto mixer Tornado Cash, a service often used to obfuscate the origin of illicit funds.
While Penpie was still grappling with the aftermath, the hacker received an unexpected message of praise from another notorious cybercriminal—the hacker behind the $195 million Euler Finance flash loan attack in March 2023. The Euler exploiter commended the Penpie hacker for keeping the stolen funds rather than returning them. The onchain message read:
“Good job bro. I didn’t see a hack like this for a while. I’m happy you kept all the money and didn’t let these bastards get back one dollar of what you took. You won, they lost. Good job.”
This public interaction highlights the dark underbelly of the DeFi space, where hackers sometimes encourage each other in their exploits. They Wrote
DeFi Protocols Face Increasing Security Challenges
The Penpie hack underscores a growing concern in decentralized finance: the vulnerability of protocols to sophisticated attacks. In this case, the Penpie platform, which had attracted considerable assets, became a prime target for hackers. After the exploit, the hacker quickly laundered a portion of the stolen funds via Tornado Cash, making it harder for authorities to trace.
The incident echoes past attacks, such as the Euler Finance hack, where the exploiter initially refused to return funds but later conceded after pressure from the DeFi community and threats of a $1 million bounty for their capture. The Penpie hacker, however, seems to have no intention of following suit.
The Rising Threat of Crypto Phishing and Exploits
In addition to high-profile DeFi hacks like Penpie and Euler Finance, August 2024 saw a dramatic rise in phishing attacks. Over 9,000 victims lost approximately $63 million to phishing schemes, representing a 215% increase in the amount stolen compared to July. The most significant incident involved the loss of 55 million Dai (DAI) when a wallet owner unknowingly signed a malicious transaction.
As DeFi grows in popularity, so too does the sophistication of attacks targeting users and platforms. The Penpie hack serves as another stark reminder of the risks that continue to plague the decentralized finance ecosystem.