DeFi protocol Pendle says it saved around $105 million from being further drained following a $27 million hack of Pendle-based yield optimizer Penpie.
The project said in a post-mortem that funds on Pendle were not at risk, and normal operations have since resumed, though Penpie remains paused.
DeFi project Pendle claims to have safeguarded around $105 million in funds that could have been drained from Penpie following a hack on Tuesday on the independent Pendle ecosystem yield optimizer.
In a post-mortem following the incident early Wednesday morning, Pendle said the funds were protected following a prompt pause in its contracts. “Thanks to coordinated efforts from multiple parties, further breaches were mitigated, and Pendle contracts have now been unpaused. Normal operations have resumed,” the project wrote on X. “We want to reassure Pendies that funds on Pendle remain safe and unaffected, and we will continue to prioritize the safety and security of our platform above all else.”
However, the attacker still managed to exploit Penpie’s protocol for around $27.3 million, with various stolen assets exchanged for 11,109 ETH, according to blockchain analytics provider Lookonchain.
Blockchain security firm PeckShield said the root cause was introducing an “evil market” — a malicious contract used to inflate the staking balances on Penpie to claim unwarranted rewards.