<?xml version="1.0"?>
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
	<id>https://quadrigainitiative.com/cryptocurrencyhackscamfraudwiki/index.php?action=history&amp;feed=atom&amp;title=Perpy_Finance_Contract_Initialization_Issue</id>
	<title>Perpy Finance Contract Initialization Issue - Revision history</title>
	<link rel="self" type="application/atom+xml" href="https://quadrigainitiative.com/cryptocurrencyhackscamfraudwiki/index.php?action=history&amp;feed=atom&amp;title=Perpy_Finance_Contract_Initialization_Issue"/>
	<link rel="alternate" type="text/html" href="https://quadrigainitiative.com/cryptocurrencyhackscamfraudwiki/index.php?title=Perpy_Finance_Contract_Initialization_Issue&amp;action=history"/>
	<updated>2026-07-14T16:47:42Z</updated>
	<subtitle>Revision history for this page on the wiki</subtitle>
	<generator>MediaWiki 1.39.1</generator>
	<entry>
		<id>https://quadrigainitiative.com/cryptocurrencyhackscamfraudwiki/index.php?title=Perpy_Finance_Contract_Initialization_Issue&amp;diff=5982&amp;oldid=prev</id>
		<title>Azoundria: Created page with &quot;{{Imported Case Study With About|source=https://www.quadrigainitiative.com/casestudy/perpyfinancecontractinitializationissue.php}} {{Unattributed Sources}}  Perpy Finance Logo/HomepagePerpy Finance allows traders and investors to connect. The social finance project reported being attacked on May 6th. A hacker was reportedly able to update the contract and illicitly withdraw 58,489,594 PRY tokens. These were then transferred and exchanged f...&quot;</title>
		<link rel="alternate" type="text/html" href="https://quadrigainitiative.com/cryptocurrencyhackscamfraudwiki/index.php?title=Perpy_Finance_Contract_Initialization_Issue&amp;diff=5982&amp;oldid=prev"/>
		<updated>2024-09-17T19:20:08Z</updated>

		<summary type="html">&lt;p&gt;Created page with &amp;quot;{{Imported Case Study With About|source=https://www.quadrigainitiative.com/casestudy/perpyfinancecontractinitializationissue.php}} {{Unattributed Sources}}  &lt;a href=&quot;/cryptocurrencyhackscamfraudwiki/index.php?title=File:Perpyfinance.jpg&quot; title=&quot;File:Perpyfinance.jpg&quot;&gt;thumb|Perpy Finance Logo/Homepage&lt;/a&gt;Perpy Finance allows traders and investors to connect. The social finance project reported being attacked on May 6th. A hacker was reportedly able to update the contract and illicitly withdraw 58,489,594 PRY tokens. These were then transferred and exchanged f...&amp;quot;&lt;/p&gt;
&lt;p&gt;&lt;b&gt;New page&lt;/b&gt;&lt;/p&gt;&lt;div&gt;{{Imported Case Study With About|source=https://www.quadrigainitiative.com/casestudy/perpyfinancecontractinitializationissue.php}}&lt;br /&gt;
{{Unattributed Sources}}&lt;br /&gt;
&lt;br /&gt;
[[File:Perpyfinance.jpg|thumb|Perpy Finance Logo/Homepage]]Perpy Finance allows traders and investors to connect. The social finance project reported being attacked on May 6th. A hacker was reportedly able to update the contract and illicitly withdraw 58,489,594 PRY tokens. These were then transferred and exchanged for 41.895 ETH. According to Perpy Finance's incident analysis report, &amp;quot;this breach was made possible by an error in initializing the proxy contract for the staking liquid module, which was a fork of the staking vested model previously audited and used by Camelot. The actual transaction itself does not appear to be published.&amp;lt;ref name=&amp;quot;slowmisthackedarchive-14002&amp;quot; /&amp;gt;&amp;lt;ref name=&amp;quot;perpyfinance-14010&amp;quot; /&amp;gt;&amp;lt;ref name=&amp;quot;perpyfinancearchive-14011&amp;quot; /&amp;gt;&amp;lt;ref name=&amp;quot;perpyfinance-14012&amp;quot; /&amp;gt;&amp;lt;ref name=&amp;quot;perpyfinancedocs-14013&amp;quot; /&amp;gt;&amp;lt;ref name=&amp;quot;perpyfinancedocs-14014&amp;quot; /&amp;gt;&amp;lt;ref name=&amp;quot;neptunemutual-14015&amp;quot; /&amp;gt;&amp;lt;ref name=&amp;quot;perpyfinancetwitter-14016&amp;quot; /&amp;gt;&amp;lt;ref name=&amp;quot;perpyfinancetwitter-14017&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
== About Perpy Finance ==&lt;br /&gt;
&amp;quot;Perpy is the home of SocialFi &amp;amp; Asset Management, where we connect traders with investors through two major verticals: Trading Vaults and Communities. Perpy offers Traders the best venues and tools to monetize their trading skills, grow their brand, and nurture their community. In the meantime, Investors can profit from Traders' skills by allocating funds in a secure and non-custodial way.&lt;br /&gt;
&lt;br /&gt;
With the current state of the ecosystem, traders have no optimal medium to share their trading setups and performance in a transparent, legitimate, and verifiable manner. Building an engaged community is even harder, and the overhead of managing different platforms, tooling, and paywalls is time-consuming. The same goes for users who follow multiple accounts, Alfa sources, a dozen Telegram groups, and a bunch of private Discord servers. &lt;br /&gt;
&lt;br /&gt;
These are discrepancies and unefficiencies across crypto communities to share and earn together. That’s where Perpy brings another piece of the puzzle with an all-in-one solution to solve this major issue. &lt;br /&gt;
&lt;br /&gt;
With its Social Layer and Trading Vaults, Perpy is taking the concepts of Social Trading and  Marketplace between Traders and Investors to another level. Perpy offers a unique opportunity to create or join communities where exclusive content, insights, market perspectives, and hot narratives can be accessed publicly or privately at the vault manager's discretion, like any messaging app. &lt;br /&gt;
&lt;br /&gt;
On top of this Social Layer, we’re plugging the Trading Vault, where the vault manager can trade on behalf of his investors (aka the community members), take commissions on any profits generated and have access to an in-depth and unmatched on-chain trading journal and statistics page.&amp;quot;&lt;br /&gt;
&lt;br /&gt;
== The Reality ==&lt;br /&gt;
&amp;quot;This breach was made possible by an error in initializing the proxy contract for the staking liquid module, which was a fork of the staking vested model previously audited and used by Camelot. We overconfidently chose not to audit this fork, incorrectly considering it risk-free, a decision that led to this exploit.&amp;quot;&lt;br /&gt;
&lt;br /&gt;
== What Happened ==&lt;br /&gt;
&amp;quot;On May 6, we detected an exploit in our staking contract after observing a significant sell-off and receiving reports that users were unable to interact with the staking module. A hacker was able to update the contract and illicitly withdrew 58,489,594 $PRY tokens. These were then transferred and exchanged for 41.895 ETH.&amp;quot;&lt;br /&gt;
{| class=&amp;quot;wikitable&amp;quot;&lt;br /&gt;
|+Key Event Timeline - Perpy Finance Contract Initialization Issue&lt;br /&gt;
!Date&lt;br /&gt;
!Event&lt;br /&gt;
!Description&lt;br /&gt;
|-&lt;br /&gt;
|May 6th, 2024 1:34:00 AM MDT&lt;br /&gt;
|Perpy Finance Warning Tweet&lt;br /&gt;
|Perpy Finance posts an initial warning tweet to notify the community about the exploit transaction happening.&lt;br /&gt;
|-&lt;br /&gt;
|May 10th, 2024 7:59:01 AM MDT&lt;br /&gt;
|Perpy Finance Update Posted&lt;br /&gt;
|Perpy Finance shares an update about the incident which happened.&lt;br /&gt;
|-&lt;br /&gt;
|May 13th, 2024 7:39:00 AM MDT&lt;br /&gt;
|Platform Update Released&lt;br /&gt;
|Perpy Finance releases an update to their platform.&lt;br /&gt;
|}&lt;br /&gt;
&lt;br /&gt;
== Technical Details ==&lt;br /&gt;
&amp;quot;Perpy's core contracts have a simple structure: A factory contract is responsible for creating Trading Vaults for traders where they will be able to trade users’ deposits. After a deposit is made, the user receives an equivalent amount of shares corresponding to an ERC-20 contract which acts as a proof of deposit. The vault also tracks the performance of the trader through the shares and manages fees redistribution. TVL and shares are calculated by Pyth Network oracle.&amp;quot;&lt;br /&gt;
&lt;br /&gt;
&amp;quot;The vulnerability was related to a section of the code that was added post-audit to introduce liquid staking.&amp;quot;&lt;br /&gt;
&lt;br /&gt;
&amp;quot;This breach was made possible by an error in initializing the proxy contract for the staking liquid module, which was a fork of the staking vested model previously audited and used by Camelot. We overconfidently chose not to audit this fork, incorrectly considering it risk-free, a decision that led to this exploit.&amp;quot;&lt;br /&gt;
&lt;br /&gt;
== Total Amount Lost ==&lt;br /&gt;
The total amount lost has been estimated at $132,000 USD.&lt;br /&gt;
&lt;br /&gt;
How much was lost and how was it calculated? If there are conflicting reports, which are accurate and where does the discrepancy lie?&lt;br /&gt;
&lt;br /&gt;
== Immediate Reactions ==&lt;br /&gt;
&amp;quot;Security alert We've detected a malicious interaction with the staking contracts. Do not interact with the staking module until further notice. A plan to fix the exploit and refund affected users will be communicated shortly after our investigation is done.&amp;quot;&lt;br /&gt;
&lt;br /&gt;
&amp;quot;On May 6, we detected an exploit in our staking contract after observing a significant sell-off and receiving reports that users were unable to interact with the staking module. A hacker was able to update the contract and illicitly withdrew 58,489,594 $PRY tokens. These were then transferred and exchanged for 41.895 ETH.&amp;quot;&lt;br /&gt;
&lt;br /&gt;
&amp;quot;As a precautionary measure, we have temporarily paused the staking contract.&amp;quot;&lt;br /&gt;
&lt;br /&gt;
&amp;quot;In response to the hack, we acted swiftly to mitigate the impact on our users. We’ve bought back the $PRY tokens dumped by the hackers and have completed redistributing them to all affected stakers, restoring their original staked amounts. This action cost the treasury approximately 170K USDC.&amp;quot;&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
== Ultimate Outcome ==&lt;br /&gt;
&amp;quot;We have put liquid staking on hold and have already launched an audit of the staking contracts with Peckshield, expected to conclude by May 18, 2024. If the audit is cleared, we plan to reopen liquid staking the following week.&amp;quot;&lt;br /&gt;
&lt;br /&gt;
&amp;quot;We deeply regret this incident and accept full responsibility. We acted quickly to protect our community, and all subsequent actions were taken with your best interests in mind. We hope that our immediate buyback and refund actions demonstrate our dedication and loyalty to you.&lt;br /&gt;
&lt;br /&gt;
In retrospect, we recognize that our drive to rapidly introduce new features compromised our platform's stability and user experience. Moving forward, we are refocusing our efforts on enhancing the core features and the overall trading experience, delaying non-essential features like NFT vault integration, NFT Perp or Sports Betting, to prioritize the security, efficiency and overall user experience of the dApp.&lt;br /&gt;
&lt;br /&gt;
Luckily, this hack happened when our token's value was low, which means we could handle the loss without endangering Perpy’s future. We have been meticulous in managing our cash flow and have sufficient reserves to sustain our project for many years to come.&lt;br /&gt;
&lt;br /&gt;
Despite our significant efforts in Marketing and Business Development, we are facing challenges due to the reluctance surrounding the price performance of the $PRY token. KOLs are hesitant to engage in public trading or discuss the token's performance. That’s one of the reasons why our marketing efforts have had a limited impact. Our reputation has suffered since the underperforming ICO on Camelot, making marketing more difficult. Unfortunately, users tend to focus on the token's price and associated reputation rather than seeing all the accomplishments over the past year. We share your dissatisfaction with the activity on Perpy and the token's price performance. The most frustrating aspect is that we're giving absolutely everything and working as never before to develop the dApp.&amp;quot;&lt;br /&gt;
&lt;br /&gt;
== Total Amount Recovered ==&lt;br /&gt;
There do not appear to have been any funds recovered in this case.&lt;br /&gt;
&lt;br /&gt;
What funds were recovered? What funds were reimbursed for those affected users?&lt;br /&gt;
&lt;br /&gt;
== Ongoing Developments ==&lt;br /&gt;
What parts of this case are still remaining to be concluded?&lt;br /&gt;
== Individual Prevention Policies ==&lt;br /&gt;
{{Prevention:Individuals:Placeholder}}&lt;br /&gt;
&lt;br /&gt;
{{Prevention:Individuals:End}}&lt;br /&gt;
&lt;br /&gt;
== Platform Prevention Policies ==&lt;br /&gt;
{{Prevention:Platforms:Placeholder}}&lt;br /&gt;
&lt;br /&gt;
{{Prevention:Platforms:End}}&lt;br /&gt;
&lt;br /&gt;
== Regulatory Prevention Policies ==&lt;br /&gt;
{{Prevention:Regulators:Placeholder}}&lt;br /&gt;
&lt;br /&gt;
{{Prevention:Regulators:End}}&lt;br /&gt;
&lt;br /&gt;
== References ==&lt;br /&gt;
&amp;lt;references&amp;gt;&amp;lt;ref name=&amp;quot;slowmisthackedarchive-14002&amp;quot;&amp;gt;[https://web.archive.org/web/20240528162656/https://hacked.slowmist.io/?c=&amp;amp;page=2 SlowMist Hacked - SlowMist Zone] (May 28, 2024)&amp;lt;/ref&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&amp;lt;ref name=&amp;quot;perpyfinance-14010&amp;quot;&amp;gt;[https://perpy-finance.beehiiv.com/p/update-recent-exploit https://perpy-finance.beehiiv.com/p/update-recent-exploit] (May 28, 2024)&amp;lt;/ref&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&amp;lt;ref name=&amp;quot;perpyfinancearchive-14011&amp;quot;&amp;gt;[https://web.archive.org/web/20240522124729/https://perpy-finance.beehiiv.com/p/update-recent-exploit https://web.archive.org/web/20240522124729/https://perpy-finance.beehiiv.com/p/update-recent-exploit] (May 28, 2024)&amp;lt;/ref&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&amp;lt;ref name=&amp;quot;perpyfinance-14012&amp;quot;&amp;gt;[https://perpy.finance/ Perpy - Decentralized Social Trading App] (May 28, 2024)&amp;lt;/ref&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&amp;lt;ref name=&amp;quot;perpyfinancedocs-14013&amp;quot;&amp;gt;[https://docs.perpy.finance/perpy-finance Overview | Perpy Finance] (May 28, 2024)&amp;lt;/ref&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&amp;lt;ref name=&amp;quot;perpyfinancedocs-14014&amp;quot;&amp;gt;[https://docs.perpy.finance/perpy-finance/perpy/protocol-technical-description Protocol Technical Description | Perpy Finance] (May 28, 2024)&amp;lt;/ref&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&amp;lt;ref name=&amp;quot;neptunemutual-14015&amp;quot;&amp;gt;[https://neptunemutual.com/hack-database/ DeFi and Cryptocurrency Hacks / Neptune Mutual] (May 28, 2024)&amp;lt;/ref&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&amp;lt;ref name=&amp;quot;perpyfinancetwitter-14016&amp;quot;&amp;gt;[https://twitter.com/PerpyFinance/status/1790013963452969316 @PerpyFinance Twitter] (May 28, 2024)&amp;lt;/ref&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&amp;lt;ref name=&amp;quot;perpyfinancetwitter-14017&amp;quot;&amp;gt;[https://twitter.com/PerpyFinance/status/1788932228228988929 @PerpyFinance Twitter] (May 28, 2024)&amp;lt;/ref&amp;gt;&amp;lt;/references&amp;gt;&lt;/div&gt;</summary>
		<author><name>Azoundria</name></author>
	</entry>
</feed>