DeFi Protocol Penpie Suffers Hacker Attack, Loss of Approximately $27 Million in Assets
Publication Time: 2024-09-04 10:26:09
In this attack, the hacker exploited the claimRewards function in the market contract to achieve reentrancy staking, thereby increasing the balance of the staking contract. The specific steps are as follows:

1. **Creation of an Attack Contract**: The hacker first created a contract specifically for implementing the attack.
2. **Using the Official Factory to Build Market Contracts**: Next, the hacker used the factory provided by the official party to build an instance corresponding to the attacked market contract.
3. **Calling the Batch Harvest Reward Function**: The hacker called the batchHarvestMarketRewards function of the staking contract to update rewards for a specific market.
4. **Triggering Reentrancy Vulnerability**: During the reward update process, the system called back into the claimRewards function in the attack contract, thereby achieving reentrancy. During this process, the hacker used assets obtained through flash loans to stake, leading to an imbalance in the asset quantity of the staking contract.
5. **Extracting Excess Assets**: The attacker extracted the excess assets after staking and returned the flash loan to gain profits.

In summary, the hacker cleverly utilized design flaws in the market contract and, through reentrancy attack methods, successfully stole a large amount of cryptocurrency assets from the Penpie protocol.
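The accounting imbalance in step 4, and the reentrancy guard that prevents it, can be seen in a small Python model. This is an added example, not Penpie's contract code: the class names, the amounts and the assumption that harvest books the pool's balance change across the external call as rewards are all constructed for illustration.

```python
from contextlib import contextmanager

class Reentrancy(Exception):
    """A guarded entry point was called while another was still running."""

class StakingPool:
    # Assumption of this model: harvest books the pool's balance change
    # across the external claimRewards call as reward income.
    def __init__(self, guarded):
        self.guarded, self.locked = guarded, False
        self.balance = 0      # tokens the pool really holds
        self.deposits = {}    # staker -> principal owed back
        self.rewards = 0      # amount booked as distributable rewards

    @contextmanager
    def _non_reentrant(self):
        if self.guarded and self.locked:
            raise Reentrancy("state-changing call during harvest")
        self.locked = True
        try:
            yield
        finally:
            self.locked = False

    def deposit(self, staker, amount):
        with self._non_reentrant():
            self.balance += amount
            self.deposits[staker] = self.deposits.get(staker, 0) + amount

    def batch_harvest(self, market):
        with self._non_reentrant():
            before = self.balance
            market.claim_rewards(self)  # external call into market code
            self.rewards += self.balance - before

    def liabilities(self):
        return sum(self.deposits.values()) + self.rewards

class HonestMarket:
    def claim_rewards(self, pool):
        pool.balance += 5  # constructed value: real reward tokens arrive

class CallbackMarket:
    # Constructed stand-in for a market whose claimRewards calls back in.
    def claim_rewards(self, pool):
        pool.deposit("callback-staker", 100)

def harvest_outcome(guarded, market):
    pool = StakingPool(guarded)
    try:
        pool.batch_harvest(market)
    except Reentrancy:
        return "blocked", pool.liabilities(), pool.balance
    return "completed", pool.liabilities(), pool.balance
```

Without the guard, the callback deposit is counted once as principal and again as rewards, so the pool owes more than it holds. With one lock shared by deposit and harvest, the nested call reverts and no state changes.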