DeFi platform PegNet appears to have suffered a 51% attack in which four of the network’s top miners fraudulently created $6.7 million in stablecoins.
Drama continues to plague decentralized finance (DeFi), with Factom-based stablecoin network PegNet appearing to suffer a 51% attack that resulted in $6.7 million worth of the USD-pegged stablecoin pUSD being fraudulently created.
The attack was executed by a group of four miners who collectively control 70% of PegNet’s hash rate on April 22. The miners were unsuccessful in attempts to liquidate the funds and now claim it was simply a security penetration test.
PegNet core developer ‘WhoSoup’ posted a recap of the events surrounding what he believes was an attack.
Anatomy of a 51% attack
PegNet is a decentralized network built on top of Factom that supports tokens pegged to 42 different assets — including fiat currencies, commodities, and cryptocurrencies.
The PegNet network receives price data from miners via oracles and APIs to maintain price stability. Each block requires up to 50 data submissions and the network discards the 25 entries furthest away from the average price.
At approximately 05:00 UTC, the miners submitted data to briefly artificially inflate the price of the Japanese yen-pegged stablecoin pJPY by submitting 35 of the 50 data entries at extreme prices.
Once inflated, the miners exchanged a wallet containing 1,265.79 pJPY (roughly $11) for 6.7 million pUSD.
Miners unable to sell funds
However, the group was unsuccessful in attempting to liquidate the funds.
The majority of the fraudulently created stablecoins have since been sent to a burn address with no known private key, containing over roughly 9,000 transactions. The miners are now claiming to have simply been trialing a penetration test of the network.
No other users’ funds were affected in the roughly 20 minute-long attack.
DeFi sees two unusual attacks in one week
On April 19, Chinese DeFi protocol dForce suffered an attack resulting in 99.95% of funds locked on its Lendf.me platform being drained by hackers.
The attackers stole $25 million in user funds by exploiting a known vulnerability to the ERC-777 via stablecoin imBTC — which had been similarly used to target a smart contract on decentralized exchange Uniswap the previous day.
However, after accidentally leaking identifying information, the hacker returned the funds in full on April 22.
Source: , CoinTelegraph
Articles listed with Cash Tech News as the author are either general information, or may have been imported from another website, to bring our readers a rich media experience that encompasses articles that we find interesting, as well as those curated by others.
The views and opinions expressed here are for informational purposes only, and should not be confused with professional financial advice. These opinions are solely those of the author and do not necessarily reflect the views of CashTechNews.com. Every investment and trade involves risk. You should conduct your own research, and contact your professional financial advisor before making any investment.
Corrections, feedback, and ideas should be submitted through the website contact form.