- Pendle swiftly halted contracts, averting a $105M loss due to a breach at Penpie protocol.
- Collaboration with Seal 911 and security experts confined the breach, securing Pendle’s ecosystem.
- Pendle ensured ecosystem integrity by engaging with protocols using PTs as collateral.
DeFi platform Pendle successfully thwarted a potential loss of roughly $105 million stemming from an alleged security breach at Penpie, an independent protocol built on Pendle’s infrastructure.
The incident, which unfolded over several hours, triggered a swift and coordinated response, culminating in the temporary pausing of contracts to prevent further unauthorized withdrawals.
According to Pendle, the first signs of the breach were detected at 17:46 UTC, leading to increased vigilance by the Pendle team. The first attack occurred at 18:23 UTC at Penpie, prompting immediate defensive actions.
By 18:45 UTC, all Pendle contracts were paused, a crucial move that helped prevent additional asset losses from Penpie.
Additionally, security experts from Seal 911 were brought in at 18:34 UTC to assess and strategize the best approach to manage the unfolding situation. This collaborative effort ensured that the security breach remained isolated to Penpie without affecting the broader ecosystem that utilizes Pendle’s platform.
After pausing its contracts, Pendle reached out to other protocols using its PTs as collateral to ensure they were not vulnerable to similar exploits. This protective measure was crucial in maintaining the integrity of the broader ecosystem.
By 00:50 UTC, after thorough verification and coordination with all relevant parties, including security teams and protocols potentially affected by the same vulnerability, Pendle’s operations were safely restarted.
At the time of this report, the Penpie team is preparing a detailed incident analysis to provide insights and potentially help other protocols strengthen their defenses against similar incidents. Meanwhile, Pendle has confirmed that its contracts are secure and that normal operations have resumed without any risk to user funds.
Pendle concluded by expressing gratitude to the cybersecurity community, with a shoutout to Dan Caspi of Hypernative Labs and others like @pcaversaccio for their quick support and expertise during the crisis.