Currencies38131
Market Cap$ 2.27T+1.57%
24h Spot Volume$ 29.96B-9.50%
DominanceBTC56.33%+0.14%ETH9.48%+1.23%
ETH Gas0.14 Gwei
Cryptorank
/

Penpie exploited for $27 million in reentrancy attack


Penpie exploited for $27 million in reentrancy attack

Share:

Predictions Markets

See what traders are focused on

View analytics →
Prediction Banner

Yield protocol Penpie got exploited for $27 million on Sept. 3 after a malicious agent explored a vulnerability in the protocol’s smart contracts.

Penpie is a yield protocol on Pendle that aims to boost rewards for users on the network.

Reentrancy exploited

In a Sept. 4 breakdown, blockchain security firm Hacken explained that the attacker used a pool with fake tokens to perform the heist. The exploiter created valueless versions of Pendle’s yield-bearing tokens, Standardized Yield (SY), and tied them to valuable assets.

The attacker deployed five malicious contracts to act as legitimate liquidity pools and trick Penpie’s rewards system, but only three of them were used. He then leveraged the fake SY tokens as tickets to claim real yield.

Three attack transactions were executed between 6:25 P.M. and 6:42 P.M. UTC. The first transaction extracted the highest amount, siphoning $15.7 million, followed by two other transactions that took $5.6 million each out of Penpie’s contract.

The exploiter got away with 695 Restaked Swell ETH (rswETH), 4,101 Kelp Gain (agETH), 2,723 Wrapped Staked ETH (wstETH), and 2.52 million Staked Ethena USD (sUSDe).

The remaining two malicious contracts deployed by the exploiter were not used in the attack, which was made possible due to a reentrancy vulnerability in Penpie’s contract.

A reentrancy vulnerability occurs when a contract needs to make an external call to another smart contract before updating its own state. Thus, malicious contracts can fool the protocol by changing information and inputting actions.

Notably, the losses could have been larger. Pendle identified the malicious transactions and paused its contracts at 6:45 P.M. UTC, three minutes after the third attack. Hacken highlighted:

“This was crucial, as the attacker deployed a fourth malicious contract only a minute later. Pausing Pendle’s contracts effectively halted the exploit, preventing further loss.”

The whole batch of tokens was converted to Ethereum (ETH), amounting to roughly 10,113 ETH. The exploiter transferred 3,000 ETH to the mixer service Tornado Cash and currently holds 7,113.27 ETH, according to on-chain data.

The Penpie team reached out to the exploited via an on-chain message and an X post acknowledging the hack and claiming to be open to negotiating a bounty in exchange for the funds stolen. Furthermore, they promised that no legal action would be pursued.

The post Penpie exploited for $27 million in reentrancy attack appeared first on CryptoSlate.

Read the article at CryptoSlate

In This News

Coins

$ 1.79K

+2.87%

$ 0.00735

+3.02%

$ 0.00...361

$ 0.0869

$ 33.38K


Predictions Markets

See what traders are focused on

View analytics →
Prediction Banner

Share:

In This News

Coins

$ 1.79K

+2.87%

$ 0.00735

+3.02%

$ 0.00...361

$ 0.0869

$ 33.38K


Predictions Markets

See what traders are focused on

View analytics →
Prediction Banner

Share:

Read More

Cardano’s wallet hack exposed the user layer holding its on-chain government together

Cardano’s wallet hack exposed the user layer holding its on-chain government together

EMURGO said it is stepping down from its role in Pentad, the five-member group coordi...
BonkDAO’s estimated $20M drain exposes how memecoin treasuries can be raided by a simple vote

BonkDAO’s estimated $20M drain exposes how memecoin treasuries can be raided by a simple vote

The malicious proposal shows how token-weighted votes can become a treasury access pa...