The decentralized finance (DeFi) protocol Penpie was hit by a major exploit on Wednesday. This incident resulted in a loss of about $27 million in cryptocurrency assets, according to blockchain data.

The attacker stole various tokens, including staked Ethereum (ETH), Ethena’s sUSDE, and wrapped USDC. After stealing the funds, they converted them to ETH using the Li.Fi protocol and moved the assets to a new address.

Blockchain security firm Cyvers reported the incident. They detected suspicious activity related to Penpie’s contract. The report indicated that an address funded by a crypto mixing service executed a malicious transaction, acquiring around $27 million worth of digital assets.

Interestingly, Etherscan data shows that the attacker’s address received an initial deposit of 10 ETH, valued at roughly $25,000. This deposit came via Tornado Cash just hours before the exploit. It helped mask the attacker’s identity.

Pendle confirmed the breach in Penpie’s system. However, they reassured users that their funds on Pendle remain safe. As a precaution, the company temporarily halted all contracts. They are working closely with the Penpie team to assess the damage.

According to Pendle, “Our funds are secure after an investigation. A security issue was found in Penpiexyz, a separate protocol built on Pendle. All contracts have been paused, and we are collaborating with the Penpie team to resolve this quickly!”

The attack had a significant impact on Penpie’s native token (PNP), which plummeted by 40%. Data from BeInCrypto shows that Pendle’s token (PENDLE) also dropped by 8%, which is more than the losses in the broader crypto market.

This incident is part of a troubling trend. In 2024, the number of crypto hacks has surged. A recent report from Immunefi reveals that hackers have stolen over $1.2 billion across 154 incidents this year. This highlights the vulnerabilities in DeFi protocols and other crypto platforms.

In August 2024 alone, crypto hacks led to losses exceeding $313 million, according to security firm PeckShield. The two largest incidents that month accounted for the theft of $238 million in Bitcoin and $55 million in DAI.

Phishing attacks have also increased. A report from Scam Sniffer shows a staggering 215% rise in financial losses during August. Although the number of attacks decreased compared to July, the amount of stolen funds spiked. One phishing scheme netted an astonishing $55 million.