• A hacker robbed $27 million in Ethereum from Penpie and cleaned it using Tornado Cash.
  • Penpie offered a bounty and legal immunity, but the criminal ignored their attempts to recover the funds.
  • Tornado Cash helped the hacker hide the stolen ETH, making retrieval efforts futile.

A malicious individual stole $27M in ETH from Penpie and remitted it through Tornado Cash. The breach, which occurred  on September 4, 2024, resulted in the theft of approximately 11,261 ETH. The perpetrator disregarded Penpie’s efforts to recuperate the funds and moved all the missing ETH through the crypto-mixing service.

Failed Negotiations and Bounty Offer

Penpie tried to get the stolen ETH back by offering the culprit a bounty and a chance to work with them as a white-hat hacker. The framework assured the thief  they would not take legal action if the funds were returned. However, the criminal dismissed these offers and continued to launder the resources through Tornado currency.

The Penpie hacker has deposited the last 1,661 ETH into Tornado Cash today. This means that the $27 million in assets (about 11,261 ETH) stolen from Penpie by the Penpie hacker have all been transferred through Tornado. Penpie had earlier told the hacker that it was willing to… https://t.co/cFpp3cGotq

— Wu Blockchain (@WuBlockchain) September 8, 2024

Penpie also announced a 10% bounty for anyone who could provide information that would lead to the recovery of the stolen assets. Despite this incentive, the hacker transferred the entire $27 million in Ethereum through Tornado Cash, which is known for its ability to obscure cryptocurrency transactions.

Final Transfer Through Tornado Cash

On September 8, 2024, the hacker completed the final transfer of 1,661 ETH into Tornado Cash. On-chain analyst Yu Jin reported that this transaction happened just three hours before it was detected. This transfer marked the final step in laundering all the stolen Ethereum.

Tornado Cash, a network that blends crypto payments, allows users to eliminate the identifiable links between senders and receivers. Because of this, it has become a favoured weapon for cybercriminals. Even though there have been efforts to oversee it, Tornado Cash’s autonomous and private nature makes it hard to manage.

Read CRYPTONEWSLAND on google news

Security Issues in DeFi Platforms

The Penpie hack emphasises the security challenges faced by decentralised finance avenues. Penpie, built on the Pendle Finance protocol, aims to enhance liquidity provision and yield farming. It offers features that let users split and trade yield-bearing assets, maximising returns.

Yet, the distributed structure of DeFi stages also makes them vulnerable to attacks. The hacker’s ability to wash $27 million without being traced shows the difficulties in securing digital assets in this ecosystem. As of now, there has been no recovery of the stolen funds, leaving Penpie and its users with significant financial losses.

The situation raises an important question: How can DeFi platforms improve their security to prevent such breaches?

disclaimer read more

Crypto News Land, also abbreviated as "CNL", is an independent media entity - we are not affiliated with any company in the blockchain and cryptocurrency industry. We aim to provide fresh and relevant content that will help build up the crypto space since we believe in its potential to impact the world for the better. All of our news sources are credible and accurate as we know it, although we do not make any warranty as to the validity of their statements as well as their motive behind it. While we make sure to double-check the veracity of information from our sources, we do not make any assurances as to the timeliness and completeness of any information in our website as provided by our sources. Moreover, we disclaim any information on our website as investment or financial advice. We encourage all visitors to do your own research and consult with an expert in the relevant subject before making any investment or trading decision.