Skip to main content
Sign in
Penpie1 decision on this page

Audit log

Every state-changing event for Penpie: moderation decisions on community submissions, plus corrections and updates from the news pipeline. URL-based decisions carry three independent witnesses — the original source, an Internet Archive snapshot taken at submission time, and a Solana memo signed by our publicly-disclosed publisher key.

  1. #1publishby system:backfill
    2026-05-20 04:21:54Z
    Score: ?? (no score change)
    anchoranchored
    chain
    mainnet-betaslot 420,912,646
    sig
    58cjNXUjptDm…M2HsgdeTexplorer ↗
    hash
    RciYdX1eNXAX…JYRuAqPusha256 → base58
    verifying row…full verify ↗
    canonical bytes (6590 B) ▸
    {"actor":"system:backfill","investigation_id":"e5069dd4-353f-4479-86ef-a663685afdb3","kind":"publish","page_slug":"penpie","published_at":"2026-05-20T04:21:54.489Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"Penpie","sections":[{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"","type":"other","url":"https://docs.magpiexyz.io/the-magpie-ecosystem/penpie-pendle-finance"},{"credibility":3,"name":"","type":"other","url":"https://docs.penpiexyz.io/penpie-ecosystem/introduction"},{"credibility":3,"name":"","type":"other","url":"https://www.auditone.io/blog-posts/the-penpie-hack-understanding-the-september-2024-reentrancy-exploit-and-the-role-of-auditing-in-defi-security"}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"","type":"other","url":"https://www.halborn.com/blog/post/explained-the-penpie-hack-september-2024"},{"credibility":3,"name":"","type":"other","url":"https://threesigma.xyz/blog/exploit/penpie-reentrancy-exploit-analysis"},{"credibility":3,"name":"","type":"other","url":"https://cointelegraph.com/news/penpie-protocol-exploited-suffers-27-million-loss"},{"credibility":3,"name":"","type":"other","url":"https://zokyo.io/blog/penpie-postmortem-analysis-of-the-27m-reentrancy-exploit/"},{"credibility":3,"name":"","type":"other","url":"https://invezz.com/news/2024/09/06/hacker-behind-27m-penpie-heist-applauded-by-euler-exploiter/"}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"","type":"other","url":"https://threesigma.xyz/blog/exploit/penpie-reentrancy-exploit-analysis"},{"credibility":3,"name":"","type":"other","url":"https://cointelegraph.com/news/penpie-protocol-hacker-launders-7m-tornado-cash"},{"credibility":3,"name":"","type":"other","url":"https://dailycoin.com/penpie-hacker-launders-last-batch-of-the-stolen-27m-ether"},{"credibility":3,"name":"","type":"other","url":"https://defi-planet.com/2024/09/penpie-protocol-hacker-reportedly-laundered-7m-through-tornado-cash-within-12-hours-of-27m-theft/"},{"credibility":3,"name":"","type":"other","url":"https://arbiscan.io/tx/0xe44a4e2c1812ff00db4902d61d1bc2815854b38d63e8fe605707614cb1675e79"}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"","type":"other","url":"https://therecord.media/penpie-defi-protocol-ethereum-stolen"},{"credibility":3,"name":"","type":"other","url":"https://thedefiant.io/news/defi/penpie-proposes-compensation-plan-and-insurance-protocol-after-usd27m-exploit"},{"credibility":3,"name":"","type":"other","url":"https://finance.yahoo.com/news/defi-platform-pendle-claims-saved-134115901.html"},{"credibility":3,"name":"","type":"other","url":"https://www.theblock.co/post/314616/pendle-says-it-saved-105-million-that-could-have-been-further-drained-amid-penpie-hack"},{"credibility":3,"name":"","type":"other","url":"https://blog.penpiexyz.io/penpie-post-mortem-report-1ac9863b663a"}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"","type":"other","url":"https://www.auditone.io/blog-posts/the-penpie-hack-understanding-the-september-2024-reentrancy-exploit-and-the-role-of-auditing-in-defi-security"},{"credibility":3,"name":"","type":"other","url":"https://www.quillaudits.com/blog/hack-analysis/penpie-protocol-exploit"},{"credibility":3,"name":"","type":"other","url":"https://medium.com/@Magpieprotocol/magpie-protocol-charting-a-secure-path-following-exploit-c7046d9fc3ca"},{"credibility":3,"name":"","type":"other","url":"https://gov.magpiexyz.io/t/penpie-compensation-plan-draft-02/412"},{"credibility":3,"name":"","type":"other","url":"https://defillama.com/protocol/penpie"}]}],"sources_used":[],"summary":"Penpie is a yield-boosting DeFi protocol built on Pendle Finance by the Magpie DAO ecosystem, allowing users to earn boosted yields on Pendle liquidity pools without directly locking PENDLE tokens. On September 3, 2024, an attacker exploited a reentrancy vulnerability in Penpie's staking contract to drain approximately $27.3 million across Ethereum and Arbitrum, subsequently laundering all stolen funds through Tornado Cash and ignoring recovery appeals. The protocol filed reports with the FBI and Singapore Police but recovered no funds; a partial community compensation plan was proposed but not fully executed.","timeline":[{"date":"2023-05-01","event":"Penpie launches as the first sub-DAO under the Magpie ecosystem, built on Pendle Finance.","source":""},{"date":"2024-05-01","event":"Penpie introduces permissionless pool registration, allowing anyone to create Pendle markets — removing an access control that had previously mitigated reentrancy risk in the batchHarvestMarketRewards() function.","source":""},{"date":"2024-09-03","event":"At 6:23 PM UTC, the reentrancy exploit begins. Three attack transactions drain approximately $27.348 million in wstETH, sUSDe, agETH, and rswETH across Arbitrum and Ethereum.","source":""},{"date":"2024-09-03","event":"Within 20 minutes of the exploit, Pendle Finance pauses all contracts, preventing the attacker from executing a second malicious contract targeting the remaining ~$105 million.","source":""},{"date":"2024-09-03","event":"Penpie team visits Kampong Java Neighbourhood Police Centre in Singapore and files a police report.","source":""},{"date":"2024-09-04","event":"Penpie files a complaint with the FBI's Internet Crime Complaint Center (IC3) and sends an on-chain message to the attacker offering amnesty in exchange for return of funds.","source":""},{"date":"2024-09-04","event":"Attacker begins laundering stolen funds through Tornado Cash; approximately $7 million (26% of total) is laundered within 12 hours of the exploit.","source":""},{"date":"2024-09-06","event":"Euler Finance exploiter sends an on-chain congratulatory message to the Penpie attacker. Penpie offers a 10% bounty for information leading to the attacker's identification.","source":""},{"date":"2024-09-06","event":"Attacker transfers 7,262 ETH ($17.4 million) to an intermediary address; 5,600 ETH is then laundered through Tornado Cash.","source":""},{"date":"2024-09-08","event":"Attacker completes laundering of all remaining stolen ETH through Tornado Cash; full 11,261 ETH balance is confirmed laundered by PeckShield.","source":""},{"date":"2024-10-07","event":"Magpie publishes Penpie compensation plan proposing 27 million Safu Recovery Tokens (SRT) backed by 4% of MGP token supply, and launches Safupie insurance mechanism proposal. Protocol operations resume.","source":""}]},"v":1}
    Verify offline (run on your own machine)
    python -m src.verify_decision fac17084-a348-45d6-934e-f3f8c5d00894
How verification works. The “Row integrity” check above is computed in your browser — your machine recomputes the SHA-256 of the canonical bytes and compares against the stored hash. No avoid.net server can fake that check. The “full verify” link goes one level deeper: your browser fetches the on-chain transaction from a Solana RPC node and confirms the same hash is in the memo. If you don’t want to trust either avoid.net or the public RPC, run the CLI verifier on your own machine — python -m src.verify_decision <event_id>.