A lot of unwanted drama and activities continue to affect the decentralized finance (DeFi) space. Factom-based stablecoin network PegNet seemed to suffer a 51% attack that resulted in the fraudulent creation of around $6.7 million worth of the USD-pegged stablecoin pUSD.
That attack was executed on April 22 by four miners who control a cumulative 70% of PegNet’s hash rate. The miners did not succeed in their aim of liquidating the funds and now the platform alleges that it was just a security penetration test.
PegNetcore developer ‘WhoSoup’ published a recap of the events that surround what he thinks was an attack.
Anatomy of the Attack
By description, PegNet is a decentralized network that is built on top of Factom. It supports tokens that are pegged to different assets that include commodities, fiat currencies, and cryptos.
The network gets price data from miners through oracles and APIs to maintain price stability. Every block needs around 50 data submissions and the network automatically discards the 25 entries furthest away from the average price.
At around 05:00 UTC, the miners submitted data that was meant to briefly artificially inflate the price of the Japanese yen-pegged stablecoin pJPY through the submission of the 50 data entries at extreme prices. After that inflation, the miners exchanged a wallet that had 1,265.79 pJPY (roughly $11) for 6.7 million pUSD.
Miners Fail to Sell Funds
The group of miners did not succeed in selling the funds. Most of the illegally created stablecoins have since been channeled to a burn address that has no known private key. The address currently contains about 9,000 transactions. Interestingly, the miners alleged that they were simply trying a penetration test of the network. In the 20-minute attack, no other users’ funds were affected.
Two Strange Attack In A Week For DeFi
On April 19, dForce, a Chinese DeFi protocol experienced an attack that resulted in the loss of 99.95% of the funds locked on its Lendf.me platform. The hackers stole $25 million in user funds by exploiting a known weakness to the ERC-777 through stablecoin imBTC. The same method was previously used to target a smart contract on decentralized exchange Uniswap the previous day.
Nevertheless, after leaking identifying information accidentally, the hacker returned all the funds in full.