[Subscribe Now] Track A-Level Transparency Project Biweekly Report and Discover the Top 1% of Projects
API Download the RootData App
Projects
All Projects
All Projects
Project Transparency Improvement Ranking
Project Transparency Improvement Ranking
Fundraising
Fundraising Rounds
Fundraising Rounds
Investors List
Investors List
Calendar
Upcoming Events
Upcoming Events
Token Unlocks
Token Unlocks
Exchanges NEW
Discover

Market Data

Market
Market

Insights

People
People
X Data
X Data
News
News
DashBoard
DashBoard
Archives
Archives

Featured

ROOTDATA LIST
ROOTDATA LIST
Deals
Deals
Search project, VC, person, X account, token, archive.
/
search
FundraisingMarket

Beosin: Analysis of the Attack on the DeFi Protocol Penpie Resulting in Approximately $27 Million in Asset Losses

Sep 11, 2024 15:38:01

Share to

ChainCatcher news, according to Beosin Alert monitoring, the DeFi protocol Penpie built on Pendle has been hacked, resulting in the theft of approximately $27 million in crypto assets. Beosin provides the following brief analysis of the incident:

The attacker exploited the claimRewards function in the market contract to re-enter the staking contract, increasing the staking contract balance, and then withdrew excess tokens and staked assets from the taking contract for profit.

  1. The attacker first created an attack contract and constructed the corresponding market contract through the official factory.
  2. Called the batchHarvestMarketRewards function of the staking contract to update rewards for the market.
  3. During the reward update, the attack contract's claimRewards function is called back, allowing for re-entry to stake the assets obtained from the flash loan, creating a discrepancy in the asset quantity of the staking contract, and withdrawing the excess.
  4. The attacker withdrew the staked assets and repaid the flash loan for profit.
Beosin: Analysis of the Attack on the DeFi Protocol Penpie Resulting in Approximately $27 Million in Asset Losses

Related Projects

Penpie PNP 0.03%

Latest News

Starknet: The STRK20 testnet will launch next week, with the mainnet planned for release at the end of April.

ChainCatcher

Mar 20, 2026 20:07:49

Ledger hires former Circle executive as CFO; its IPO may be delayed due to market volatility.

ChainCatcher

Mar 20, 2026 20:04:13

European asset management giant Amundi launches $100 million tokenized fund on Ethereum and Stellar blockchains.

ChainCatcher

Mar 20, 2026 20:03:59

The procuratorial authorities in Hunan, China, have dismantled a new type of money laundering chain that used Moutai liquor transactions as a cover and virtual currency as a channel

ChainCatcher

Mar 20, 2026 19:11:21

LeviX has reached a cooperation with the APOC Technology Sports and E-sports Committee

ChainCatcher

Mar 20, 2026 19:05:22

Recent Fundraising

More
Bluesky
$100M Apr 1, 2025
Kalshi
$1B Mar 20
Myriad
-- Mar 20

New Tokens

More
edgeX EDGE
Mar 19
katana KAT
Mar 18
KnoxNet KNX
Mar 18

Latest Updates on 𝕏

More
Laura Shin Followed Fordefi
Mar 19
Solana Followed NODIT
Mar 19
Frank Chaparro Followed trade.xyz
Mar 19