SubDAO Penpie has released a post-martem report on the hack that shook the crypto industry yesterday. The hack report revealed a total of 11,113.6 ETH(US$27.34 million) were stolen. Early today, it was also found that the PenPie hackers had transferred 1000 ETH worth $2.45 Million.
PenPie Hack Report
According to the report, the hackers had exploited a security vulnerability on the Penpie platform, which is located in the batchHarvestMarketRewards() function of the PendleStakingBaseUpg contract, and “added new deposits from flash loans”. The attacker also manipulated the rewards and the amount sent to the fake Pendle market depositor (who was the attacker himself).
As soon as an attack was detected, the Penpie team immediately stopped the deposit and withdrawal functions and went on track the stolen money with the help of several security agencies.
At present, the Penpie front end is back to normal. The team is however, working with law enforcement officials to identify and arrest the attacker. Moreover, the Penpie is expected to start a governance vote to come up with the compensation plan.
Advertisement
Hacker Moves 1000 ETH to Tornado Cash
Hours before the report came out, the hacker had already moved 1,000 ETH (worth about $2.45 million) to Tornado Cash in the past 3 hours.
According to Peckshield, the Penpie attacker’s address transferred 1,000 ETH (worth about $2.45 million) to Tornado Cash in the past 3 hours. Starting from yesterday, the hacker had been moving amounts of stolen funds in a series of transactions.
Peckshield reported that the Penpie attacker has moved around 4,000 ETH (worth $9.6 million) to Tornado Cash, so far.
CryptonewsZ was one of the first ones to report the attack, post the attack, PenPie also released a statement for negotiating a bounty for hackers and said that no legal actions would be pursued, if the stolen funds were returned.
Advertisement
Also Read: WazirX Hacker Moves 2600 Ethereum Worth $6.5M to Tornado Cash