Peapods Finance, a DeFi protocol specializing in leveraged yield strategies, has been hit by a suspected smart contract exploit. On Tuesday, July 8th, approximately $200,000 in ETH was drained in what onchain security firms CertiK and PeckShield are calling an unauthorized withdrawal. The incident raises fresh concerns about security vulnerabilities in the rapidly evolving DeFi space.
PEAS, the Peapods protocol’s native token, experienced a fleeting dip, briefly bottoming out at $3.55 – a 5% stumble in the market’s relentless dance. But don’t cry fowl just yet: the token rebounded with surprising vigor, currently perched at $3.74. That’s a 3% climb in the last day, signaling potential for more growth. While PEAS boasts a market cap flirting with $37 million, Peapods’ total value locked (TVL) tells a slightly different tale, hovering around $10 million, according to DefiLlama. For context, the protocol once basked in a $34 million TVL glory back in March. Is this a temporary lull or a sign of deeper currents?
PEAS 24-hour price chart. Source: DeFiLlama
Launched in mid-2023, Peapods Finance’s stated aim is to turn market volatility into yield.
Yesterday, TenArmorAlert analysts detonated a bombshell on X: a suspected price manipulation scheme targeting the WETH/aspLONGsUSDe oracle. Imagine a shadowy figure inflating the oracle’s price to dizzying heights, all to pave the way for a devastating drain. This isn’t just a glitch; it’s a calculated attack.
Peapods exploit report. Source: CertiK
A digital heist unfolded as on-chain sleuths tracked a flow of 78 ETH – a king’s ransom of $207,000 – funneled to a suspected attacker. The loot, disguised as Wrapped Ether (WETH) and freshly minted tokens, painted a complex web of transactions designed to obfuscate the trail, but ultimately leading back to the culprit.
Peapods Finance suffered a double whammy. BlockSec Phalcon revealed on X that an attacker exploited several contracts. The initial strike succeeded, but a white knight arrived in the form of Yoink, a notorious MEV frontrunner, who thwarted the attacker’s second attempt. BlockSec urges Peapods Finance to reach out to Yoink.
Public Response
Peapods users reeled after the team announced a breach hitting their ETH-based “podETH” vault on Ethereum. These custom “Pods” – designed to generate yield from the volatile dance between unrelated assets – were the target. The Peapods team scrambled to reassure users, stating the vulnerability wasn’t in the underlying smart contract. They stressed that other independent Pods and the meta-vaults managing them remained locked down and safe.
“We’ve identified a misconfigured oracle impacting a specific pod due to a user setting. Think of it as a faulty compass leading it astray. Our team is collaborating with auditors and conducting an internal review to pinpoint the exact cause and implement a fix. We’ll share a detailed update as soon as our investigation concludes. Thanks for your understanding as we navigate this issue.”
Peapods Finance remained silent on X amidst swirling exploit rumors. When The Defiant pressed for answers regarding the silence, a representative stated a report was in the works, offering little solace to the community anxiously awaiting details.
In May, an attacker exploited top Sui DEX Cetus Protocol’s smart contract to drain $223 million worth of SUI.
DeFi’s Summer of ’25: Hacking Heatwave. New data reveals DeFi platforms bore the brunt of cyberattacks in the first half of the year, making them the hottest target for digital thieves.
Thanks for reading Peapods Finance Token Slips 5% after Unauthorized $200K Withdrawal
