Decentralized finance (DeFi) protocol Penpie, built on top of tokenized yield platform Pendle, suffered an exploit on Wednesday, crypto observers reported.
The alleged exploiter drained roughly $27 million of crypto assets including various types of staked ether (ETH) , Ethena's sUSDE and wrapped USDC stablecoin from the protocol, blockchain data shows. Later, it converted the proceeds to ETH using predominantly Li.fi and forwarded to asset to a new address , according to Etherscan data.
The exploiter's address was originally funded with 10 ETH, worth roughly $25,000, via crypto mixer Tornado Cash a few hours before the exploit took place, data shows.
Pendle confirmed that it identified a security compromise on Penpie's protocol and will maintain close communication with the team. Pendle added that investors' funds are safe on Pendle, but temporarily paused all contracts as a precautionary measure.
Penpie's token (PNP) cratered following the exploit, declining 40% in total during the day, CoinGecko data shows. Pendle (PENDLE) was down nearly 8% over the past 24 hours, underperforming bitcoin's (BTC) and ETH's 1%-3% decline.
DeFi protocols are prone to hacks and exploits, and Penpie's attack was the latest example of that. Digital asset users lost some $2 billion in scams, hacks and exploits throughout 2023, De.fi reported earlier.