Penpie hacker launders 26% of $27M stolen funds in 12 hrs

The Penpie protocol’s hacker siphoned about $7 million of stolen funds through crypto mixer Tornado Cash within about twelve hours of draining $27 million on Sept. 3. 

On Sept. 4, Web3 security firm Cyvers alerted about the hacker transferring 26% of the hacked funds to a Tornado Cash address.

According to blockchain security firm PeckShield, the hacker’s address continues to launder the stolen funds across multiple transactions to Tornado Cash addresses. 

The Penpie protocol suspended all deposits and withdrawals following the $27 million hack. 

“At 1745 UTC, the attacker deployed the first contract to be used for the attack,” Pendle said in an X post on Sept. 4. 

Pendle said it contacted security experts Seal 911 to help stop any subsequent related attacks. 

All contracts on Pendle were suspended, which helped “stop any further attempts to drain assets from Penpie, ultimately safeguarding $105M that the attacker might have been able to drain from Penpie.” 

“At 0050 UTC, after rigorous checks and coordination with all relevant parties to confirm step 1 and 2, Pendle contracts were safely unpaused, and normal operations resumed.”

Crypto losses due to cyberattacks continue to be an area of concern

An Immunfi report from Aug. 29 pointed out that more than $1.2 billion in funds have been stolen through hacks and exploits so far this year, a 15.5% rise compared to the same period in 2023 when losses totaled a little over $1 billion. 

On Sept. 3, the United States Federal Bureau of Investigation (FBI) issued a warning that North Korean cyber criminals were targeting employees at decentralized finance and cryptocurrency firms to steal funds through “complex and elaborate” social engineering campaigns. 

Related: ZachXBT claims 21 North Korea crypto devs are making $500K a month

On Sept. 1, security firm PeckShield said that financial losses from hacks exceeded $313 million in August 2024. Two of the most significant attacks during the month resulted in the theft of about $238 million in Bitcoin (BTC) and $55 million in Dai (DAI). 

WazirX starts user INR withdrawals after $234.9 million hack

In July, India’s WazirX crypto exchange was a victim of one of the largest cyberattacks of 2024. WazirX lost $234.9 million of funds from one of its multisig wallets. The exchange is in the process of implementing a phased plan to restore its financial operations, including pursuing legal proceedings in Singapore.

On Sept. 3, WazirX announced that its users can withdraw up to the full 66 percent limit of their INR (Indian Rupees) balances. 

Magazine: $55M DeFi Saver phish, copy2pwn hijacks your clipboard: Crypto Sec