Penpie exploited for $27 million in reentrancy attack
The exploiter created malicious smart contracts and fake tokens to act as legitimate liquidity pools to trick Penpie's contract.
Yield protocol Penpie was exploited for $27 million on Sept. 3 after a malicious actor exploited a vulnerability in the protocol’s smart contracts.
Penpie is a yield protocol on Pendle that aims to boost rewards for users on the network.
Reentrancy exploited
In a Sept. 4 breakdown, blockchain security firm Hacken explained that the attacker used a pool with fake tokens to perform the heist. The exploiter created valueless versions of Pendle’s yield-bearing tokens, Standardized Yield (SY), and tied them to valuable assets.
The attacker deployed five malicious contracts to act as legitimate liquidity pools and trick Penpie’s rewards system, but only three of them were used. He then leveraged the fake SY tokens as tickets to claim real yield.
Three attack transactions were executed between 6:25 P.M. and 6:42 P.M. UTC. The first transaction extracted the highest amount, siphoning $15.7 million, followed by two other transactions that took $5.6 million each out of Penpie’s contract.
The exploiter got away with 695 Restaked Swell ETH (rswETH), 4,101 Kelp Gain (agETH), 2,723 Wrapped Staked ETH (wstETH), and 2.52 million Staked Ethena USD (sUSDe).
The remaining two malicious contracts deployed by the exploiter were not used. The attack was made possible by a reentrancy vulnerability in Penpie’s contract.
A reentrancy vulnerability arises when a contract makes an external call to another smart contract before updating its own state. The called contract can then call back into the original function while the stale state is still in effect, repeating actions or feeding in altered inputs before the first call has finished.
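The pattern described above, as an added illustration that is not Penpie’s or Pendle’s code: a hypothetical reward vault that calls an external pool before clearing a user’s balance, next to a version that updates its state first and blocks re-entry. All contract, interface and function names here are assumed for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical reward vault (not Penpie's code). It pays out accrued rewards
// after calling an external pool contract, which is the pattern in the article:
// an untrusted contract is called before the caller's own state is updated.
interface IRewardPool {
    function harvest() external; // may run arbitrary code in the pool
}
interface IERC20 {
    function transfer(address to, uint256 amount) external returns (bool);
}

contract VulnerableRewardVault {
    IERC20 public immutable rewardToken;
    mapping(address => uint256) public pending; // unclaimed rewards per account
    constructor(IERC20 token) { rewardToken = token; }
    // VULNERABLE: the pool is called while pending[account] still holds the old
    // value, so a malicious pool can re-enter claimFor() for the same account
    // and have the stale balance paid out again before it is zeroed.
    function claimFor(address account, address pool) external {
        uint256 amount = pending[account];
        IRewardPool(pool).harvest();            // external call first
        rewardToken.transfer(account, amount);
        pending[account] = 0;                   // state updated last
    }
}

contract HardenedRewardVault {
    IERC20 public immutable rewardToken;
    mapping(address => uint256) public pending;
    mapping(address => bool) public registeredPool; // vetted pools; setter omitted
    uint256 private locked = 1;                      // 1 = free, 2 = entered
    modifier nonReentrant() {
        require(locked == 1, "reentrant call");
        locked = 2;
        _;
        locked = 1;
    }
    constructor(IERC20 token) { rewardToken = token; }
    // Checks, then effects, then interactions: the balance is zeroed before any
    // external call, and the guard rejects re-entry even from a registered pool.
    function claimFor(address account, address pool) external nonReentrant {
        require(registeredPool[pool], "unknown pool");     // check
        uint256 amount = pending[account];
        pending[account] = 0;                              // effect
        IRewardPool(pool).harvest();                       // interaction
        require(rewardToken.transfer(account, amount), "transfer failed");
    }
}
```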
Notably, the losses could have been larger. Pendle identified the malicious transactions and paused its contracts at 6:45 P.M. UTC, three minutes after the third attack. Hacken highlighted:
“This was crucial, as the attacker deployed a fourth malicious contract only a minute later. Pausing Pendle’s contracts effectively halted the exploit, preventing further loss.”
The whole batch of tokens was converted to Ethereum (ETH), amounting to roughly 10,113 ETH. The exploiter transferred 3,000 ETH to the mixer service Tornado Cash and currently holds 7,113.27 ETH, according to on-chain data.
The Penpie team reached out to the exploiter via an on-chain message and an X post acknowledging the hack and stating that it was open to negotiating a bounty in exchange for the return of the stolen funds. Furthermore, the team promised that no legal action would be pursued.