Approximately $27 million worth of crypto currency was taken this week by hackers from the Penpie decentralized finance (DeFi) network with the FBI, and Singapore Police filed a complaint about this cybercrime. In a statement, Penpie acknowledged that $27,348,259 worth of Ethereum was stolen on Tuesday and that both deposits and withdrawals had been stopped.
Members of the Penpie squad arrived at the Kampong Java Neighbourhood Police Centre in Singapore to file a report on the incident, the team said, hours after the attack. Penpie also sent a message to the hacker on Wednesday, offering a negotiated bounty payment in exchange for the safe return of funds, and filed a complaint with the FBI’s Internet Crime Complaint Center (IC3).
“We acknowledge your exploit of our protocol,” they wrote. “Please contact us to discuss terms confidentially. No legal action will be pursued if the funds are returned. Let’s find a mutually beneficial solution.”
Penpie offered to reveal the name of the hacker in exchange for returning some of the money in a similar social media post.
The hacker kept moving the stolen money to other blockchain addresses, suggesting that the messages had minimal impact.
Before putting the concepts to a vote, the corporation promised to gather feedback and create a compensation plan for the impacted users.
“We deeply acknowledge the significant impact this attack has had on users from other protocols who had assets deposited on Penpie,” they said. “Please know that your losses are of utmost importance to us.”
The incident happened on the same day that the FBI issued a warning to bitcoin companies about North Korean hackers launching frequent strikes.
Penpie claims that Pendle, the platform upon which they developed the protocol, was the first to notify them about the attack.
While millions were lost, specifically from Penpie, Pendle noted in its own post-mortem on the assault that the team’s prompt efforts prevented the hackers from stealing over $105 million worth of cryptocurrencies from other protocols built on the platform.
Although the attack was almost instantly detected by Pendle’s internal security system, the hackers had already taken $27 million from Penpie inside an hour. Pendle said that in the end, the attack had little effect on their platform.
Pendle supplied Penpie with the VPN IP address that was used to initiate the attack, and the business subsequently supplied that data to a Singapore Technology Crime Senior Investigation Officer, who they said “will forward the cybercrime incident to the VPN provider for further information.”
Penpie stated that since its June 2023 launch, the company had undergone two audits. A component of the vulnerability was discovered during one of the audits, and it was thought to be fixed. However, in May 2024, the business unveiled a new feature that brought back the vulnerability that this week’s incident’s hackers took advantage of.
They admitted that after introducing new features, a thorough audit ought to have been conducted.
“While incremental audits address specific changes, it is also essential to conduct comprehensive audits of the entire protocol to ensure that no vulnerabilities are introduced,” they said in the post-mortem.
The company intends to conduct a second comprehensive audit of its systems to make sure that all vulnerabilities have been fixed, and it won’t begin operations again until the audit is finished.
“Teams of North Korean malicious cyber actors identify specific DeFi or cryptocurrency-related businesses to target and attempt to socially engineer dozens of these companies’ employees to gain unauthorized access to the company’s network,” the alert says.
The UN is presently looking into 58 cyberattacks that were allegedly carried out by North Korean hackers and brought in almost $3 billion between 2017 and 2023.
Also read: Strengthening the prospects of data center industry with quality air solutions
Do Follow: CIO News LinkedIn Account | CIO News Facebook | CIO News Youtube | CIO News Twitter
About us:
CIO News is the premier platform dedicated to delivering the latest news, updates, and insights from the CIO industry. As a trusted source in the technology and IT sector, we provide a comprehensive resource for executives and professionals seeking to stay informed and ahead of the curve. With a focus on cutting-edge developments and trends, CIO News serves as your go-to destination for staying abreast of the rapidly evolving landscape of technology and IT. Founded in June 2020, CIO News has rapidly evolved with ambitious growth plans to expand globally, targeting markets in the Middle East & Africa, ASEAN, USA, and the UK.
CIO News is a proprietary of Mercadeo Multiventures Pvt Ltd.