Decentralized finance (DeFi) is hit by criminals again. This time, a Factom-based stablecoin network PegNet appeared to have suffered a 51% attack that resulted in $6.7 million worth of the USD-pegged stablecoin pUSD being fraudulently created.
The hackers get over 51% of the protocol’s hashpower to alter 1265.79 pJPY (about $11) into 6.7 million pUSD, but made unsuccessful attempts to liquidate the funds later.
A group of miners collectively control 70% of the PegNet’s hash rate and manipulated the price of a stablecoin backed by Japanese Yen dubbed pJPY. They manipulated the exchange rate by providing the false data and later converted it to pUSD (a token backed by the US dollar).
Though the criminals managed to generate millions of tokens from thin air, the protocol resisted, not allowing them to liquidate these generated tokens, and they were forced to burn them (sending tokens to an irrecoverable address).
Safe from Harm
Built on top of the Factom protocol, PegNet is a decentralized network allowing users to trade stablecoins pegged to fiat currencies, commodities, and other cryptocurrencies like Bitcoin.
Factom Inc chairman and a leading figure behind PegNet, David Johnston, confirmed that the miners could not dump the assets, and instead, they decided to burn them. He noted that this is “another milestone in the history of PegNet, being able to repel its first 51% attack.”
He also reassured that users’ funds are safe because “PegNet has no reserve or collateral held in a pool, there were NO common user funds to drain.”
Johnston expects more dangerous attacks to follow as DeFi grows: “I fully expect more sophisticated attacks over time. As values in DeFi networks rise, there is more reason to attack them. The key is building systems like PegNet, where individual users are NOT affected by the actions of others in the same network.”
DeFi’s Two Attacks This Week
On April 19, Chinese DeFi protocol dForce suffered an attack resulting in 99.95% of funds locked on its Lendf.me platform being drained by hackers.
The attackers stole $25 million in user funds by exploiting a known vulnerability to the ERC-777 via stablecoin imBTC. According to reports, the hacker had returned the fund.