From the perspective of mechanism analysis, the fundamentals of the agreement remain healthy.

Written by Alex Liu, Foresight News

Security incidents

On September 4, Penpie, a DeFi protocol built on Pendle, was hacked and about $27 million in crypto assets were stolen, including various types of staked Ethereum, Ethena's sUSDE, and wrapped USDC stablecoins. This is the largest reentry attack in 2024 according to Certik statistics, and the third largest reentry attack since January 2021, second only to Grim Finance (about $40 million, December 2021) and Vyper vulnerability incident (about $52 million, July 2023).

Although the Penpie project told the hacker that it was "willing to negotiate the bounty and would not take any legal action if the funds were returned," as of September 8, the Penpie hacker had deposited the last 1,661 ETH (about $3.77 million) into Tornado Cash. This means that the $27 million in assets stolen from Penpie by the Penpie hacker (the stolen assets were exchanged for 11,261 ETH) have all been transferred through Tornado Cash, and the possibility of actively returning the assets is almost zero.

Many people had never heard of Penpie until it was stolen... In fact, Penpie, whose TVL (total locked value) exceeded 100 million yuan early on, was the first successful case of the Magpie ecosystem subDAO model, laying the foundation for the launch of subDAOs such as Eigenpie that are now well known to everyone.

Magpie ecosystem, total TVL exceeds 1 billion US dollars

What can the Penpie protocol do? Is it still competitive after the security incident? Let’s find out.

Protocol Mechanism

Penpie is a protocol built on Pendle. We will not discuss the various mechanisms of Pendle in depth here, but simply summarize them to clarify the relationship between Pendle and Penpie.

There are three main ways to participate in Pendle:

  1. Hold PT (principal token) to obtain fixed income.

  2. Hold YT (income token) and gamble on uncertain returns.

  3. Become a liquidity provider (LP) and provide liquidity for the SY-PT token pair. (SY: the wrapped token of the original asset, SY = PT + YT)

YT and PT can attract players with different risk preferences, and thus help increase TVL for protocols connected to Pendle. To maintain high growth in TVL, there needs to be sufficient SY-PT liquidity to ensure the generation of new PT and YT with low slippage. In order to attract LPs, Pendle provides PENDLE token incentives.

And if you hold enough vePENDLE (lock up 1 PENDLE for 4 years to get 1 vePENDLE, lock up 1 PENDLE for 2 years to get 0.5 vePENDLE, and so on), the LP's PENDLE token incentive can be amplified by up to 2.5 times.

What if you want to increase your LP income without holding PENDLE? Deposit your LP tokens into Liquid Lockers and Yield Boosters such as Penpie and StakeDAO. They lock up PENDLE and hold a large amount of vePENDLE, which can help you increase your LP income, earn commissions from you, and earn third-party Bribes from the outside.

In short, Penpie helps liquidity providers (LPs) on Pendle increase their returns without locking up PENDLE tokens.

Penpie Situation

From the above analysis, we can see that the only factor that affects Penpie's fundamentals is the amount of vePENDLE it has. A large amount of vePENDLE can help more (larger amounts) LPs increase their returns, thereby promoting its own TVL and earning income.

So after the security incident, is Penpie still competitive? The answer is undoubtedly - yes.

Penpie did not lose its vePENDLE in the hacker attack and is still the largest holder of PENDLE tokens. The number of vePENDLE tokens it holds (12 million+, accounting for 37.59%) is still higher than the total of its competitors Equilibria and StakeDAO.



From the perspective of protocol functionality alone, Penpie can even provide better returns for the remaining assets of the protocol (over $100 million in Pendle LP tokens).

But of course, confidence needs to be rebuilt, and users who have lost assets also need the protocol to provide solutions.

What's next?

For Penpie, it is a blessing in disguise that its core competitiveness, vePENDLE, the hen that lays golden eggs, has not suffered any losses, but it still needs to stabilize its position and provide reasonable solutions to users who have lost assets. Potential solutions include issuing compensation bonds or recovery tokens, which to a certain extent require PNP token holders to make concessions and give priority to compensating asset losers with protocol revenue.

PNP may not be able to achieve good price trends in the short term, but once Penpie’s functions are restored and the code is updated to be more secure, it will still be a fundamentally healthy and practical DeFi protocol.