Within approximately twelve hours of stealing $27 million on September 3, the hacker responsible for the Penpie protocol transfers roughly $7 million of stolen funds through the crypto mixer Tornado Cash.
The intruder transferred 26% of the hacked funds to a Tornado Cash address on September 4, according to Web3 security firm Cyvers.
The hacker’s address is continuously laundering the stolen funds through numerous transactions to Tornado Cash addresses, per blockchain security firm PeckShield.
As a result of the $27 million breach, the Penpie protocol has suspended all deposits and withdrawals.
“The attacker deployed the initial contract for the attack at 1745 UTC,” Pendle stated in an X post on September 4.
Wi-Fi protocol Pendle stated that it contacted security specialists Seal 911 to prevent any subsequent linked attacks.
The suspension of all contracts on Pendle prevented additional attempts to siphon assets from Penpie, thereby protecting $105M that the attacker could have potentially taken.
“At 0050 UTC, after rigorous checks and coordination with all relevant parties to confirm step 1 and 2, Pendle contracts were safely unpaused, and normal operations resumed.”
Crypto Losses resulting from cyberattacks
An Immunfi report from August 29 indicated that over $1.2 billion in funds had been stolen through breaches and exploits thus far this year, a 15.5% increase from the same period in 2023 when losses stood at slightly over $1 billion.
The United States Federal Bureau of Investigation (FBI) issued a warning on September 3 against North Korean cyber criminals targeting employees at decentralized finance and cryptocurrency firms to steal funds through “complex and elaborate” social engineering campaigns.
PeckShield, a security firm, reported on September 1 that financial losses from breaches in August 2024 exceeded $313 million.
The theft of approximately $238 million in Bitcoin resulted from two of the most significant attacks during the month.
