$6 570 000 USD

JULY 2025

GLOBAL

PUNDI AI

DESCRIPTION OF EVENTS

Pundi AI aims to democratize artificial intelligence by creating open, decentralized systems for data sharing and participation, with the larger mission of generating one million job opportunities. Its ecosystem includes several key components: the Pundi AI Data Platform, Data Pump, Data Marketplace, AIFX Omnilayer, AI Points (Alpha), the PURSE+ browser plugin, and the Pundi AI MM Agent.


At the core, the Pundi AI Data Platform offers professional data labeling and annotation services, enabling anyone to participate in “tag-and-earn” activities that make AI data more accessible and community-driven. The Pundi AIFX Omnilayer ensures transparency and security by recording activities on-chain and integrating with IPFS and multiple blockchains. Through the PURSE+ browser plugin, users can contribute directly on platforms like X (Twitter) by tagging and annotating social AI data.


In 2025, Pundi AI will expand its ecosystem with the launch of the Pundi AI Data Marketplace, where users can trade both raw and trained datasets. Alongside it, the Pundi AI MM Agent will debut, allowing decentralized training and market-making of AI agents and their DAO tokens, further driving a participatory and economically inclusive AI landscape.


The vulnerability is not a flaw in ERC‑1967 itself but in the deployment and initialization flow. If the initialization or ownership-claiming step is performed later, in a separate transaction from deployment, anyone watching the chain or the mempool can submit that call first.


Block explorers and UIs can be misled by superficially normal-looking “upgrade” events or by attacker-created transactions; they may display an implementation change without indicating that it was unauthorized.


Cross‑chain bridges and third‑party implementations (e.g., token copies minted by Axelar) lacked a compatible freeze/admin mechanism, preventing full remediation across all chains.


The deployed contracts used the ERC‑1967 proxy pattern, a standard proxy layout that stores the implementation and admin addresses in fixed, well-known storage slots. The proxies were deployed, but the initialization/upgrade step that sets the proxy’s admin and locks down upgrade and minting permissions was never completed (or was completed in a way that remained unsafe). That left the proxy’s upgrade and administration entrypoints effectively open: because the admin/initializer guard was never claimed by the team, an attacker could set a malicious implementation or otherwise gain privileged control.


With the proxy admin/initializer unset or controllable, the attacker deployed a malicious implementation contract exposing privileged functions (e.g. a mint function, or a function that grants the caller a minter role) and pointed the proxy at it. Because the proxy forwards every call to whatever address its implementation slot contains, the attacker then invoked those privileged functions through the proxy and minted a large supply of PUNDIAI. They converted the minted tokens into liquidity (bridged and sold) across chains to realize value. The attacker also used deception (emitting or replaying fake upgrade-like events) and rapid mempool activity to obscure the malicious initialization and to act before the team could respond.
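The three paragraphs above turn on two ERC-1967 storage slots: the one holding the implementation address and the one holding the admin that may change it. The script below is an added example, not code from this page or from Pundi AI: it derives both slots from their labels and then audits proxy storage snapshots against a team allowlist, flagging the state the incident describes (an implementation set while the admin slot is still zero, or an admin or implementation that is not team-controlled). keccak256 is implemented inline so the script runs on the standard library alone; every address and snapshot in it is a constructed placeholder, and the audit rules are this example's own, not the team's actual monitoring.

```python
"""Derive the ERC-1967 storage slots and audit proxy storage snapshots.

Added example (not Pundi AI code). keccak256 is implemented inline so the
script runs with the standard library only; the addresses, snapshots and
audit rules below are constructed for illustration.
"""

MASK64 = (1 << 64) - 1

# Keccak-f[1600] round constants and rho rotation offsets, indexed [x][y].
_RC = [
    0x0000000000000001, 0x0000000000008082, 0x800000000000808A, 0x8000000080008000,
    0x000000000000808B, 0x0000000080000001, 0x8000000080008081, 0x8000000000008009,
    0x000000000000008A, 0x0000000000000088, 0x0000000080008009, 0x000000008000000A,
    0x000000008000808B, 0x800000000000008B, 0x8000000000008089, 0x8000000000008003,
    0x8000000000008002, 0x8000000000000080, 0x000000000000800A, 0x800000008000000A,
    0x8000000080008081, 0x8000000000008080, 0x0000000080000001, 0x8000000080008008,
]
_ROT = [[0, 36, 3, 41, 18], [1, 44, 10, 45, 2], [62, 6, 43, 15, 61],
        [28, 55, 25, 21, 56], [27, 20, 39, 8, 14]]


def _rol(v: int, n: int) -> int:
    n %= 64
    return ((v << n) | (v >> (64 - n))) & MASK64 if n else v


def _keccak_f1600(a: list) -> None:
    """One Keccak-f[1600] permutation over the 5x5 lane matrix a[x][y], in place."""
    for rc in _RC:
        c = [a[x][0] ^ a[x][1] ^ a[x][2] ^ a[x][3] ^ a[x][4] for x in range(5)]
        d = [c[(x - 1) % 5] ^ _rol(c[(x + 1) % 5], 1) for x in range(5)]
        for x in range(5):
            for y in range(5):
                a[x][y] ^= d[x]                                             # theta
        b = [[0] * 5 for _ in range(5)]
        for x in range(5):
            for y in range(5):
                b[y][(2 * x + 3 * y) % 5] = _rol(a[x][y], _ROT[x][y])       # rho + pi
        for x in range(5):
            for y in range(5):
                a[x][y] = b[x][y] ^ (~b[(x + 1) % 5][y] & MASK64 & b[(x + 2) % 5][y])  # chi
        a[0][0] ^= rc                                                       # iota


def keccak256(data: bytes) -> bytes:
    """Ethereum keccak256: rate 136 bytes, 0x01 domain padding (SHA3 uses 0x06)."""
    rate = 136
    a = [[0] * 5 for _ in range(5)]
    buf = bytearray(data) + bytearray(rate - len(data) % rate)
    buf[len(data)] ^= 0x01
    buf[-1] ^= 0x80
    for off in range(0, len(buf), rate):
        for i in range(rate // 8):  # absorb one block into the first 17 lanes
            a[i % 5][i // 5] ^= int.from_bytes(buf[off + 8 * i:off + 8 * i + 8], "little")
        _keccak_f1600(a)
    return b"".join(a[i % 5][i // 5].to_bytes(8, "little") for i in range(4))


def eip1967_slot(label: str) -> int:
    """ERC-1967 slot: uint256(keccak256(label)) - 1, so no hash preimage maps onto it."""
    return int.from_bytes(keccak256(label.encode()), "big") - 1


IMPL_SLOT = eip1967_slot("eip1967.proxy.implementation")
ADMIN_SLOT = eip1967_slot("eip1967.proxy.admin")


def audit_proxy(storage: dict, trusted_admins: set, known_impls: set) -> list:
    """Return findings for one proxy. storage maps slot -> 32-byte word as int,
    i.e. what eth_getStorageAt returns for each slot. Empty list means the proxy
    points at a reviewed implementation and a team-controlled admin holds upgrade rights."""
    impl = storage.get(IMPL_SLOT, 0)
    admin = storage.get(ADMIN_SLOT, 0)
    findings = []
    if impl == 0:
        findings.append("implementation slot is zero: proxy is not wired to any logic yet")
    elif impl not in known_impls:
        findings.append(f"implementation 0x{impl:040x} is not on the reviewed allowlist")
    if admin == 0:
        findings.append("admin slot is zero: upgrade authority is unset, so whoever "
                        "completes initialisation first becomes the admin")
    elif admin not in trusted_admins:
        findings.append(f"admin 0x{admin:040x} is not a team-controlled address")
    return findings


# Constructed placeholder addresses and snapshots (not real on-chain data).
TEAM_ADMIN = 0x1111111111111111111111111111111111111111
REVIEWED_IMPL = 0x2222222222222222222222222222222222222222
UNKNOWN_IMPL = 0x3333333333333333333333333333333333333333
OUTSIDER = 0x4444444444444444444444444444444444444444
SNAPSHOTS = {
    "locked_down": {IMPL_SLOT: REVIEWED_IMPL, ADMIN_SLOT: TEAM_ADMIN},
    "uninitialised": {IMPL_SLOT: REVIEWED_IMPL},  # implementation set, admin never claimed
    "hijacked": {IMPL_SLOT: UNKNOWN_IMPL, ADMIN_SLOT: OUTSIDER},
}


def audit_all(snapshots: dict = SNAPSHOTS) -> dict:
    return {name: audit_proxy(s, {TEAM_ADMIN}, {REVIEWED_IMPL}) for name, s in snapshots.items()}


if __name__ == "__main__":
    for name, findings in audit_all().items():
        print(f"{name}: {findings or ['OK']}")
```

In practice the snapshot dict is filled by calling eth_getStorageAt for IMPL_SLOT and ADMIN_SLOT on each proxy straight after deployment and again on every block that touches it; a non-empty result from audit_proxy on a freshly deployed proxy is the signal that initialisation has not been completed, independently of whatever "upgrade" events an explorer chooses to render.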


Losses were reported by SlowMist as $6.57m USD. Attackers exploited uninitialized contracts to set malicious implementations and mint 1 million $PUNDIAI tokens on July 12. This led to an initial loss of roughly $535,000 in assets, though the team swiftly intervened to contain the damage.


Upon detecting the exploit, the team froze the attacker’s assets, locked liquidity pools, and disabled the bridge on the same day. The Pundi AIFX Omnilayer, which connects cross-chain activity, was also frozen to prevent further movement of stolen tokens.


The Pundi AI team responded within hours, freezing bridges, halting transfers, and collaborating with CEX partners to suspend PUNDIAI deposits. Through these emergency measures, they recovered or locked over 70% of the stolen funds, amounting to 710,193 PUNDIAI and around $275,000 worth of crypto assets. The team performed an emergency upgrade to the Pundi AIFX Omnilayer, enabling selective freezing of attacker funds while allowing normal user operations to resume.


Approximately $260,000 in assets were lost: the attacker had already swapped them into ETH, USDT, and BNB and moved them across chains during the rapid sell-off, so they were unrecoverable.


The team successfully recovered 710,193 PUNDIAI tokens (worth roughly $275,000). They also managed to lock down or freeze around $275,000 in attacker assets in various forms such as WETH, USDT, PUNDIX, and ETH.


Some of the stolen funds were frozen early in the attack, preventing the attacker from fully cashing out. This included about 264,000 PUNDIAI tokens and additional assets like 21.88 WETH and 20,172 USDT.


"~$265k worth of crypto and 710,193 PUNDIAI are locked or recovered by the team, while ~$260k worth of crypto is considered lost as it was swapped into ETH/USDT/BNB. There are still 78,191 PUNDIAI in BSC which we are unable to freeze as it is a third party implementation by Axelar which does not have the freeze function."


Looking ahead, Pundi AI plans to unfreeze Ethereum-based PUNDIAI transfers, restore bridge operations, and coordinate with centralized exchanges to resume deposits. Due to the inability to freeze attacker funds on BSC (as it relies on a third-party Axelar implementation), the team intends to deploy a new BSC PUNDIAI token contract to protect legitimate holders. Despite the breach, the swift containment and majority fund recovery underscored the resilience of Pundi AI’s multi-chain infrastructure and coordination with partner validators.


Due to the limitations of the third-party bridge (Axelar), the team announced plans to deploy a new PUNDIAI token contract on BSC, which would replace the compromised tokens for all holders except for the attacker. This was expected to take about a week, with a snapshot taken soon after.

Pundi AI is focused on democratizing artificial intelligence by creating open, decentralized systems for data sharing, with the goal of generating one million job opportunities. In July 2025, an exploit occurred due to uninitialized ERC-1967 proxy contracts, allowing an attacker to mint 1M PUNDIAI tokens. The Pundi AI team quickly responded by freezing assets, locking liquidity, and recovering over 70% of the stolen funds. Although around $260K was lost, the team plans to deploy a new BSC token contract to protect legitimate holders and restore full functionality across chains.

Sources And Further Reading

© 2019 - 2025 Quadriga Initiative. Your use of this site/service accepts the Terms of Use and Privacy Policy. This site is not associated with Ernst & Young, Miller Thompson, or the Official Committee of Affected Users. Hosted in Canada by HosterBox.