$12 500 000 USD
DESCRIPTION OF EVENTS
"pTokens aims to be a decentralized open-source system facilitating cross-chain movement of assets." "Bridge your ASSETS, NFT, DAO cross-chain! Do more with your capital. Bring it to action into any blockchain with no restrictions."
"The pTokens system bridges a variety of blockchains, powering the free movement of crypto liquidity. These bridges are operated by a network of validators, whose role is to verify the cross-chain asset switch and to guarantee the 1:1 peg with the underlying asset."
"pNetwork enables the transfer of assets into +10 supported blockchains, including Bitcoin, Ethereum, Dogecoin and many more. Enter the dapp and unlock the power of composable liquidity." "pTokens removes the need for a trusted intermediary by creating a crypto-economic incentive through a governance token. "
"Everybody can play around with pNetwork tools, whether they are experienced developer or cross-chain enthusiasts. Access a fully fledged suite of tools to do more with your capital." "The incentives mechanism is at the foundation of the pTokens system - the pNetwork Token (PNT) is leveraged to drive governance decisions, encourage community participation and adoption. While fueling validators’ activities, the PNT token is a key element of the staking method at the basis of the network."
"Thanks to pToken you can transfer your assets across networks at the click of a button. Enhance your liquidity, make it multi-chain. Ever thought about playing with your NFTs seamlessly, on any marketplace, on every layer? The time to be confined on a single one is long gone. Extend the reach of your DAO and augment its capabilities in the multi-chain world. True open-source inter blockchain communication. No prerequisites, no trusted components."
"The pNetwork is secured by Multi Party Computations and Trusted Computing, a combination which makes attacks both expensive and impractical." "Anyone can become a pNetwork validator and see exactly how collateral is managed and transactions are processed."
"pNetwork v1 was launched in March 2020 in its simplest form, a pTokens bridge, to enable the cross-chain movement of Bitcoin on Ethereum. From there, it has evolved into a DAO-governed, progressively decentralized network of nodes that power the movement of tokenized assets such as wrapped Bitcoin across a multitude of ecosystems."
"On September 19th, 2021 at 5:20pm UTC time, the pNetwork system was attacked by a hacker who performed the offensive against multiple pTokens bridges. However, the exploit was only successful on the pBTC-on-BSC cross-chain bridge, which bridge was exploited and 277 BTC, stolen from the pBTC-on-BSC collateral."
"While they tried to attack pBTC-on-BSC, TLOS-on-BSC, PNT-on-BSC, pBTC-on-ETH, TLOS-on-ETH, pSAFEMOON-on-ETH, they were able to steal the BTC collateral for the pBTC-on-BSC bridge only."
"The attacker funded their 0x2bf5693dd3a5cea1139c4510fdce120cf042c934 account by withdrawing BNB tokens from Binance and then used the account to deploy a set of smart contracts specifically crafted to abuse the peg-out instructions the pNetwork nodes look for."
"These smart contracts created a series of event logs: one of those being a legit peg-out request, while the others were faulty peg-out requests emitted by the attacker’s smart contracts rather than from the pToken ones."
"Due to a bug in the section of the Rust code in charge of extracting these log events, both the legitimate and the faulty logs were extracted and erroneously processed."
"The attacker proceeded to move the stolen BTC to a list of addresses that are still holding the funds at the time of writing."
"We're sorry to inform the community that an attacker was able to leverage a bug in our codebase and attack pBTC on BSC, stealing 277 BTC (most of its collateral)." "We have identified the bug and are working on fixing it. The bridges will be re-activated as soon as it's safe to, most likely in a matter of hours." "[A]ll [other] bridges are back and running as usual."
"The pBTC-on-BSC bridge remains temporarily disabled while discussions on the compensation plan are ongoing." "We are working on a solution for users who were affected by the attack (pBTC on BSC holders only). We will keep you posted on this." "The full list of addresses included in the snapshot and therefore eligible to claim PNT tokens (step 0) is available on the forum." "Details for claiming PNT tokens (step 0) are available on the forum."
"In short (non-exhaustive description), the compensation plan aims to recoup the USD-countervalue of the stolen BTC collateral at the time of the attack." "A part of the compensation has already been approved and implemented (Step 0). If approved, this DAO proposal would implement a 2-steps process for recouping the remaining value in USD terms for pBTC-on-BSC holders." Step 1 is "[t]he creation and launch of a pNetwork NFT series (including the allocation of 4 Million PNT tokens provided to the pNetwork DAO by the pNetwork association’s and by the team’s reserves)." Step 2 is "[t]he redirection of part of DAO member rewards towards pBTC-on-BSC holders over a period of 10 months (PNT downtrend protection mechanism applies)."
"Today, we are excited to present pNetwork v2. An open-source protocol for cross-chain routing between blockchain ecosystems and scalability networks empowering cross-chain applications. It enables users and smart contracts on any blockchain platform to send and receive assets and data messages cross-chain, significantly improving and expanding the applicability of the previous version."
"pNetwork v2 aims to continue innovating in the field of cross-chain routing by pioneering cross-chain interoperability features for dApps. By enriching and expanding its previous set of features, v2 is an enabler for the project to focus on contributing to the growth of some of the biggest blockchain-powered trends."
"pNetwork v2 will provide users a secure and efficient protocol for both asset movement and generalized messaging across blockchain networks, while making the network more robust and mature. pNetwork v2 will underpin a variety of cross-chain services, such as pTokens bridges and the Postman messenger."
pNetwork offers an automated bridge between chains. This involves the storage of crypto-assets in smart contract hot wallets to provide liquidity. One of the bridges, holding bitcoin, was successfully exploited, and 227 BTC was stolen.
A compensation plan was put together including the sale of NFTs and redirecting future rewards to affected users. This went through multiple revisions before the final implementation. The project continues, including with a new version 2 which has increased robustness and security.
HOW COULD THIS HAVE BEEN PREVENTED?
Hot wallets should either not store customer funds, or be insured fully through smart contract insurance or our proposed industry insurance fund.
pNetwork | enabling cross-chain DeFi composability (Sep 23)
Cross-Chain Protocol PNetwork Loses $12M in Hack (Sep 23)
@pNetworkDeFi Twitter (Oct 2)
SlowMist Hacked - SlowMist Zone (Nov 6)
https://uploads-ssl.webflow.com/60c1acb9d30b474ea009fe17/60f50bfcaeb557e5a9a46253_pNetwork-litepaper.pdf (Nov 6)
Pnetwork Post Mortem Pbtc On Bsc Exploit (Nov 6)
Binance Transaction Hash (Txhash) Details | BscScan (Nov 6)
Binance Transaction Hash (Txhash) Details | BscScan (Nov 6)
https://ipfs.io/ipfs/QmZj2PCKEDAFvXCMYmhs8u84PitYVU6XsZ41iZfkS2rR8k (Nov 6)
https://ipfs.io/ipfs/QmPnkfpa1xzd8Hb7wyVT32t3TUxqq3d7MY5zHBa35RgAap (Nov 6)
Proposal: Should the DAO recoup the value lost by pBTC-on-BSC holders affected by the recent hack via the 2-steps process (NFT sale + partial redirection of DAO member rewards) described in the Proposal 1 (rev0.6)? - Proposals - pNetwork (Nov 6)