# Perfect Pie’s First Security Incident *How We Caught and Stopped a 1.46M $PIE Exploit* By [Perfect Pie](https://paragraph.com/@perfect-pie) · 2025-08-20 --- **The Discovery (August 18, 2025)** ----------------------------------- During routine analysis of our 10-day growth metrics, we noticed something odd. Two users — let’s call them **User X** and **User Y** — had impossibly high claim-to-game ratios. While legitimate players claim rewards once per game, these accounts were claiming **4–10x more rewards than games played**. **The Investigation** --------------------- Deep diving into the data revealed: * **10 exploiter accounts** systematically abusing the claim system * **603 fraudulent claims** attempting to steal **1,461,715 $PIE tokens** * The exploit **peaked on August 18** with one user attempting to claim **1.2M $PIE in a single day** * Exploiters represented only **1.3% of players** but attempted to steal **81.7% of all rewards** **The Response** ---------------- Within hours of discovery, we: 1. **Deployed a fix** to prevent multiple claims per game 2. **Created a forensic backup** of all suspicious transactions 3. **Marked 603 fraudulent claims as “failed”** before payout 4. **Successfully blocked 1,461,715 $PIE** from being distributed fraudulently **The Outcome** --------------- * **92.6% of attempted theft prevented** — only 104k $PIE was paid out before detection * **Zero new exploitation attempts** since fix deployment * **772 honest players’ rewards preserved** * **Full audit trail maintained** for transparency And most importantly — **nothing of real-world value was lost**, as $PIE currently has no external monetary value. **Lessons Learned** ------------------- This incident, while stressful, proved our system’s resilience. Our safeguards caught the vast majority of fraudulent activity before tokens were distributed. We’ve since implemented additional **validation layers** and **real-time anomaly detection**. We also want to thank **User X, User Y, and the other testers** who (intentionally or not) helped us uncover this exploit early. They’ve contributed to making Perfect Pie stronger and more secure. When $PIE does gain value in the future, we’ll make sure our current community is **made whole** by allowing players to claim new tokens based on their existing scores. This way, no one loses the progress they’ve earned. Most importantly: **Perfect Pie’s economy remains strong**, with **326,669 $PIE** legitimately distributed to real players who earned it by drawing perfect circles. The game continues stronger than ever — **try your hand at drawing the perfect circle at** [**perfectpie.xyz**](http://perfectpie.xyz) 🎉 --- *Originally published on [Perfect Pie](https://paragraph.com/@perfect-pie/perfect-pies-first-security-incident)*