A hacker responsible for a massive $27 million heist from the Penpie DeFi protocol received praise from another notorious figure in the crypto underworld. The exploit, which took place on September 3, led to the loss of millions in digital assets, prompting Penpie to suspend both deposits and withdrawals on the platform.
The hacker’s actions caught the attention of the individual behind the $195 million flash loan attack on Euler Finance in March 2023. The Euler hacker sent a congratulatory on-chain message to the Penpie exploiter, commending them for their decision to keep the stolen funds instead of returning them.
The Penpie Hack and the $7M Laundering
The Penpie hack was swift and devastating. Within hours of executing the attack, the hacker transferred $7 million of the stolen assets into the Tornado Cash crypto mixer, a service often used by criminals to launder illicit funds. Crypto mixers blend digital asset transactions with large volumes of other funds, making it nearly impossible to trace the original source of the money. While Tornado Cash is often used to protect users’ privacy, it has become a popular tool for money laundering activities.
Praise from a Fellow Hacker
The Euler Finance hacker, who had previously been given the opportunity to return the stolen funds, expressed admiration for the Penpie attacker’s refusal to return the funds. The message read:
“Good job bro. I didn’t see a hack like this for a while. I’m happy you kept all the money and didn’t let these bastards get back one dollar of what you took. You won, they lost. Good job.”
While the Euler hacker had managed to pull off a similar attack in March 2023, they ultimately chose to return the funds. After receiving a message from Euler Finance, the hacker agreed to return around $195 million, keeping about $20 million as a reward for their efforts. The protocol had offered the hacker a deal, allowing them to keep a portion of the stolen funds if 90% was returned. The Euler Foundation later ended their reward campaign after recovering 90% of the stolen amount.
A Surge in Phishing Attacks
August saw a sharp increase in phishing attacks within the crypto space. Over 9,000 victims reported losing approximately $63 million to crypto phishing scams—a staggering 215% rise in the amount stolen compared to July. The largest single attack was responsible for a $55 million loss.
On August 20, a major scam involved a wallet owner unknowingly signing a malicious transaction. This allowed attackers to transfer the ownership of 55 million Dai, making off with the funds without the owner’s consent.
Crypto Security Under Threat
The rise in phishing attacks and high-profile hacks like the Penpie and Euler incidents highlight the increasing security risks in the cryptocurrency space. While some attackers opt to launder their stolen funds through mixers like Tornado Cash, the evolving landscape of crypto crime continues to challenge regulators and platforms to find ways to combat these sophisticated exploits.
