DeFi Platform Suffers 51% Attack From Its Top Miners — or Does It?

Published at: April 23, 2020

Drama continues to plague decentralized finance (DeFi), with Factom-based stablecoin network PegNet appearing to suffer a 51% attack that resulted in $6.7 million worth of the USD-pegged stablecoin pUSD being fraudulently created.

The attack was executed by a group of four miners who collectively control 70% of PegNet’s hash rate on April 22. The miners were unsuccessful in attempts to liquidate the funds and now claim it was simply a security penetration test.

PegNet core developer ‘WhoSoup’ posted a recap of the events surrounding what he believes was an attack.

Anatomy of a 51% attack

PegNet is a decentralized network built on top of Factom that supports tokens pegged to 42 different assets — including fiat currencies, commodities, and cryptocurrencies.

The PegNet network receives price data from miners via oracles and APIs to maintain price stability. Each block requires up to 50 data submissions and the network discards the 25 entries furthest away from the average price.

At approximately 05:00 UTC, the miners submitted data to briefly artificially inflate the price of the Japanese yen-pegged stablecoin pJPY by submitting 35 of the 50 data entries at extreme prices. 

Once inflated, the miners exchanged a wallet containing 1,265.79 pJPY (roughly $11) for 6.7 million pUSD.

Miners unable to sell funds

However, the group was unsuccessful in attempting to liquidate the funds.

The majority of the fraudulently created stablecoins have since been sent to a burn address with no known private key, containing over roughly 9,000 transactions. The miners are now claiming to have simply been trialing a penetration test of the network.

No other users’ funds were affected in the roughly 20 minute-long attack.

DeFi sees two unusual attacks in one week

On April 19, Chinese DeFi protocol dForce suffered an attack resulting in 99.95% of funds locked on its Lendf.me platform being drained by hackers. 

The attackers stole $25 million in user funds by exploiting a known vulnerability to the ERC-777 via stablecoin imBTC — which had been similarly used to target a smart contract on decentralized exchange Uniswap the previous day. 

However, after accidentally leaking identifying information, the hacker returned the funds in full on April 22.

Tags
Related Posts
Furucombo to issue iouCOMBO tokens to repay victims of $15M exploit
Decentralized finance transaction combination tool Furucombo will compensate the victims of a recent “evil contract” exploit that cost the protocol $15 million in stolen funds. Following an internal call with affected users last week, Furucombo released a compensation plan Tuesday, announcing that they will issue 5 million iouCOMBO tokens to the victims of the breach. Issued in the form of ERC-20 tokens, iouCOMBO tokens will represent the rights to claim Furucombo’s COMBO tokens in the recovery pool. Out of a total of 100 million COMBO tokens, 5 million coins have been allocated to the recovery pool, and are subject to …
Technology / March 9, 2021
Network and token freeze after Acala exploit raises questions
The Acala Network’s aUSD stablecoin depegged by over 99% over the weekend and forced the Acala team to pause a hacker’s wallet, raising concerns about its claim of being decentralized. On Aug. 14, a hacker took advantage of a bug on the iBTC/aUSD liquidity pool which resulted in 1.2 billion aUSD being minted without collateral. This event crashed the USD-pegged stablecoin to a cent, and in response, the Acala team froze the erroneously minted tokens by placing the network in maintenance mode. The move also halted other features such as swaps, xcm (cross-chain communications on Polkadot), and the oracle pallet …
Altcoin / Aug. 15, 2022
DeFi tokens book double-digit gains after Bitcoin rallies above $39,000
A renewed sense of optimism has returned to the cryptocurrency ecosystem on July 26 as Bitcoin’s (BTC) recovery above $38,900 has sparked a market-wide rally in the altcoins. Data from Cointelegraph Markets Pro and TradingView shows that the top movers over the past 24 hours are Amp (AMP), Venus (XVS) and Reserve Rights (RSR). Five out of the top seven gainers fall into the decentralized finance (DeFi) sector, a possible sign that DeFi may be heating up for another major run in 2021. AMP/USD The top performer over the past 24-hours has been Amp (AMP), a digital collateral token protocol …
Bitcoin / July 26, 2021
WEMIX gains 200%+ after stablecoin and boosted staking rewards announcement
Blockchain-based gaming, also known as GameFi, is an up-and-coming sector that could potentially be one of the primary catalysts for kickstarting the mass adoption of blockchain technology. WEMIX, a gaming protocol that operates on the Klaytn network, aims to get in on the GameFi revolution and this week, the project's native token (WEMIX) rallied even as the wider market continued to sell-off. Data from Cointelegraph Markets Pro and TradingView shows that since hitting a low of $1.27 on May 12, WEMIX price climbed 269% to hit a daily high at $4.70 on May 25 as its 24-hour trading volume increased …
Adoption / May 27, 2022
Lodestar Finance exploited in flash loan attack
Arbitrum-based lending protocol Lodestar Finance was exploited in a flash loan attack on Dec. 10. According to Lodestar, the attacker manipulated the price of the plvGLP token before borrowing all platform liquidity using the inflated token. In a Twitter thread, Lodestar explained the attack flow. The attacker first manipulated the exchange rate of the plvGLP contract to 1.83 GLP per plvGLP, "an exploit that by itself would be unprofitable", said the company. Then, the attacker supplied plvGLP collateral to Lodestar and borrowed all available liquidity, cashing out part of the funds "until the collateralization ratio mechanism prevented a full liquidation …
Altcoin / Dec. 11, 2022