bitcoin
Bitcoin (BITCOIN)
$96,068 -0.15%
ethereum
Ethereum (ETHEREUM)
$2,711 0.16%
binancecoin
BNB (BINANCECOIN)
$656.59 -0.54%
solana
Solana (SOLANA)
$170.92 0.87%
ripple
XRP (RIPPLE)
$2.60 -0.50%
shiba-inu
Shiba Inu (SHIBA-INU)
$0.000015 -0.47%
pepe
Pepe (PEPE)
$0.000009 -2.18%
bonk
Bonk (BONK)
$0.000016 -0.34%
bitcoin
Bitcoin (BITCOIN)
$96,068 -0.15%
ethereum
Ethereum (ETHEREUM)
$2,711 0.16%
binancecoin
BNB (BINANCECOIN)
$656.59 -0.54%
solana
Solana (SOLANA)
$170.92 0.87%
ripple
XRP (RIPPLE)
$2.60 -0.50%
shiba-inu
Shiba Inu (SHIBA-INU)
$0.000015 -0.47%
pepe
Pepe (PEPE)
$0.000009 -2.18%
bonk
Bonk (BONK)
$0.000016 -0.34%
bitcoin
Bitcoin (BITCOIN)
$96,068 -0.15%
ethereum
Ethereum (ETHEREUM)
$2,711 0.16%
binancecoin
BNB (BINANCECOIN)
$656.59 -0.54%
solana
Solana (SOLANA)
$170.92 0.87%
ripple
XRP (RIPPLE)
$2.60 -0.50%
shiba-inu
Shiba Inu (SHIBA-INU)
$0.000015 -0.47%
pepe
Pepe (PEPE)
$0.000009 -2.18%
bonk
Bonk (BONK)
$0.000016 -0.34%
Disclosure
Cryptocurrency trading is speculative and your capital is at risk when you trade. We may earn affiliate commissions from some of the products on this page - at no extra cost to you.
Penpie Hacker Transfers Stolen $27M ETH to Tornado Cash, Dodging Bounty

Highlights:

  • The Penpie hacker laundered $27M in Ethereum via Tornado Cash despite Penpie’s offer of a bounty and legal immunity.
  • The stolen funds, totaling 11,261 ETH, were transferred in batches to Tornado Cash, making recovery efforts futile.
  • The Penpie hack highlights the security vulnerabilities in DeFi platforms, with the stolen funds remaining untraceable.

The Penpie hacker has successfully laundered $27 million worth of stolen Ethereum through Tornado Cash, disregarding all attempts by the DeFi platform to recover the funds. The hacker moved the stolen assets in batches, using the notorious crypto mixer to obscure the transactions, making it nearly impossible to trace the funds.

Advertisement

Banner

On September 4, 2024, the hacker exploited a vulnerability in Penpie’s security, leading to the theft of 11,261 ETH, valued at approximately $27 million at the time. Despite the company’s efforts to negotiate with the hacker, including offering a bounty and legal immunity, all attempts were dismissed. 

Final Transfer Through Tornado Cash

On September 8, 2024, the hacker completed the final transaction, transferring 1,661 ETH through Tornado Cash. Etherscan reported that this transaction was detected only three hours after it occurred, marking the completion of the laundering process.

Tornado Cash has become a preferred tool for cybercriminals due to its ability to anonymize cryptocurrency transactions. The service blends multiple transactions, effectively severing the link between the sender and receiver. While this provides a layer of privacy, it also makes it difficult for authorities and affected parties to track and recover stolen funds.

The Penpie hack underscores the ongoing security challenges faced by decentralized finance platforms. Built on the Pendle Finance protocol, Penpie allows users to maximize returns through yield farming and liquidity provision. However, its distributed nature also makes it vulnerable to sophisticated attacks.

According to blockchain security firm PeckShield, the hacker started laundering the stolen funds on September 6 by transferring 7,262 ETH ($17.4 million) to an intermediary address. This address then sent 5,600 ETH ($13.4 million) to Tornado Cash. The hacker continued this pattern until all 11,261 ETH had been laundered.

Failed Negotiations and Bounty Offer

Penpie made several efforts to recover the stolen funds, including a proposal to the hacker to work with them as a white-hat hacker. This offer included a bounty and assurance of no legal consequences if the funds were returned. However, the hacker ignored these overtures and continued to launder the stolen assets.

The platform also announced a 10% bounty for anyone providing information, which led to the recovery of the stolen Ethereum. Despite this, the hacker successfully transferred the entire amount through Tornado Cash, a tool known for anonymizing cryptocurrency transactions. This move effectively rendered Penpie’s efforts futile.

Crypto Phishing Losses Raised by 215% in August

Cryptocurrency phishing attacks dramatically rose in August, with financial losses soaring to $63 million—a 215% increase from July. The spike was largely attributed to a single incident on August 20, when a decentralized finance (DeFi) protocol hack resulted in a $55 million loss. The attack occurred when a crypto holder unknowingly authorized a transaction, transferring 55.47 million Dai to a phishing address, underscoring the growing sophistication of phishing scams in the crypto ecosystem.

Moreover, the victim’s attempt to retrieve the stolen funds failed, as the ownership of the assets had already shifted. This incident highlights the heightened risks in cryptocurrency, where even a small oversight can lead to massive financial losses. These attacks’ increased frequency and severity emphasize the need for heightened vigilance and security measures within the crypto community.

Advertisement

Banner

Advertisement

Banner

Advertisement

Banner