Verify a decision

{"actor":"system:backfill","investigation_id":"38261708-bdaf-4edf-8589-ff2c92a74fa2","kind":"publish","page_slug":"pickle","published_at":"2026-05-26T03:49:50.642Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"Pickle Finance","sections":[{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://cryptotesters.com/review/what-is-pickle-finance","type":"other","url":""},{"credibility":3,"name":"https://chainstack.com/pickle-finance-on-chainstack-accelerating-growth-into-new-networks/","type":"other","url":""},{"credibility":3,"name":"https://docs.pickle.finance","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://rekt.news/pickle-finance-rekt","type":"other","url":""},{"credibility":3,"name":"https://www.halborn.com/blog/post/explained-the-defi-protocol-pickle-finance-hack-nov-2020","type":"other","url":""},{"credibility":3,"name":"https://picklefinance.medium.com/pickle-was-hacked-and-there-has-been-a-loss-of-funds-414b99969c29","type":"other","url":""},{"credibility":3,"name":"https://decrypt.co/49149/pickle-finance-hack","type":"other","url":""},{"credibility":3,"name":"https://www.nasdaq.com/articles/defi-protocol-pickle-finance-token-loses-almost-half-its-value-after-$19.7m-hack-2020-11","type":"other","url":""},{"credibility":3,"name":"https://github.com/banteg/evil-jar","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://github.com/pickle-finance/protocol/blob/master/audits/Haechi_Audit.pdf","type":"other","url":""},{"credibility":3,"name":"https://docs.pickle.finance/security/audits-and-timelock/smart-contract-audits","type":"other","url":""},{"credibility":3,"name":"https://rekt.news/pickle-finance-rekt","type":"other","url":""},{"credibility":3,"name":"https://beincrypto.com/pickle-finance-postmortem-details-how-19-million-dai-was-pilfered/","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://coverprotocol.medium.com/11-21-20-claim-outcome-for-pickle-finance-aa2fcc56cb7c","type":"other","url":""},{"credibility":3,"name":"https://cointelegraph.com/news/decentralized-insurance-protocol-cover-holds-vote-to-cover-pickle-hack","type":"other","url":""},{"credibility":3,"name":"https://beincrypto.com/pickle-finance-loses-20-million-in-latest-defi-exploit/","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://cryptonews.net/news/security/6222707/","type":"other","url":""},{"credibility":3,"name":"https://en.ethereumworldnews.com/2020s-pickle-finance-hackers-launder-1800-ethereum-through-tornado-cash/","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://beincrypto.com/yearn-finance-consumes-pickle-without-governance-vote/","type":"other","url":""},{"credibility":3,"name":"https://www.coindesk.com/markets/2020/11/24/yearning-for-pickle-two-defi-protocols-merge","type":"other","url":""},{"credibility":3,"name":"https://cointelegraph.com/news/yearn-finance-absorbs-pickle-to-boost-defi-rewards","type":"other","url":""},{"credibility":3,"name":"https://gov.yearn.finance/t/retroactive-vote-on-pickle-yearn-ferments/8306","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://coinmarketcap.com/currencies/pickle-finance/","type":"other","url":""},{"credibility":3,"name":"https://www.coingecko.com/en/coins/pickle-finance","type":"other","url":""},{"credibility":3,"name":"https://defillama.com/protocol/pickle","type":"other","url":""},{"credibility":3,"name":"https://picklefinance.medium.com/pickle-finance-closing-the-jar-7996fe4ecd94","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://picklefinance.medium.com/pickle-finance-closing-the-jar-7996fe4ecd94","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://cryptotesters.com/review/what-is-pickle-finance","type":"other","url":""},{"credibility":3,"name":"https://www.publish0x.com/arkemmus-blog/pickle-finance-defi-with-a-cucumber-flavour-xgpnznp","type":"other","url":""}]}],"sources_used":[],"summary":"Pickle Finance was an Ethereum-based DeFi yield aggregator launched in September 2020 that suffered a critical smart contract exploit on November 21, 2020, resulting in the theft of approximately 19.76 million DAI (roughly $19.7 million) from its pDAI PickleJar. The exploit, known as the 'Evil Jar Attack,' combined three design flaws in unaudited contract code and led to a 50% collapse in the PICKLE token price, with hack proceeds later laundered through Tornado Cash. The protocol subsequently merged with Yearn Finance but never meaningfully recovered; it officially announced its shutdown in 2025 with the UI disabled on October 1, 2025.","timeline":[{"date":"2020-09-01","event":"Pickle Finance launches on Ethereum as a yield aggregator offering Pickle Jars and Pickle Farms.","source":""},{"date":"2020-10-03","event":"MixBytes completes a security audit of Pickle Finance smart contracts (ControllerV3 scope).","source":""},{"date":"2020-10-20","event":"Haechi completes a security audit of Pickle Finance smart contracts (ControllerV3 scope).","source":""},{"date":"2020-10-23","event":"ControllerV4 and the swapExactJarForJar function are deployed to production without undergoing a security audit.","source":""},{"date":"2020-11-21","event":"Attacker exploits three chained vulnerabilities in ControllerV4 and drains 19,759,355 DAI from the pDAI PickleJar in the Evil Jar Attack. PICKLE token falls approximately 50%.","source":""},{"date":"2020-11-22","event":"Pickle Finance executes an emergency timelock transaction at 15:15 UTC to revoke the exploited proxy logic from the Controller. White-hat team secures remaining $50 million in assets. Official postmortem published.","source":""},{"date":"2020-11-24","event":"Yearn Finance announces merger with Pickle Finance, characterized as DeFi's first M&A deal, without a prior community governance vote from either protocol.","source":""},{"date":"2020-11-25","event":"PICKLE token surges to approximately $27 on merger announcement.","source":""},{"date":"2020-12-01","event":"Cover Protocol approves Pickle Finance insurance claim; 282,035 DAI paid out, covering less than 2% of total losses.","source":""},{"date":"2020-12-01","event":"Developers 0xPenguin and BigBrainBriner depart Pickle Finance.","source":""},{"date":"2021-02-09","event":"PICKLE token reaches all-time high of approximately $34.35 before entering a sustained decline.","source":""},{"date":"2021-01-01","event":"Stolen funds from the November 2020 exploit are laundered through Tornado Cash in batches of 100 ETH; total of 1,800 ETH moved through the mixer according to PeckShieldAlert.","source":""},{"date":"2022-01-01","event":"Bear market conditions sharply reduce Pickle Finance TVL and user activity; the protocol struggles to compete in the saturated yield aggregator market.","source":""},{"date":"2025-06-10","event":"Pickle Finance takes a snapshot of PICKLE and DILL holders for treasury distribution eligibility (minimum 300 PICKLE required).","source":""},{"date":"2025-10-01","event":"Pickle Finance UI is disabled. Protocol officially sunsets after approximately five years. Remaining 170,280 USDC treasury distributed to eligible token holders.","source":""}]},"v":1}