Pnetwork Protocol to Implement Additional Security Measures after the Recent Hack of $12M

Pnetwork Protocol to Implement Additional Security Measures after the Recent Hack of $12M
Image Source: Shutterstock
Read News

Read News For Me

The cross-chain project, pNetwork, on September 19th was attacked by the hacker, and 277 BTC was stolen from pBTC on BSC collateral.

We’re sorry to inform the community that an attacker was able to leverage a bug in our codebase and attack pBTC on BSC, stealing 277 BTC (most of its collateral).

The other bridges were not affected. All other funds in the pNetwork are safe.

~Twitter (@pNetworkDeFi) 

PNetwork is definitely not the first DeFi platform to be exploited this month. We always say that DeFi space is very vulnerable to cyberattacks, and the pNetwork hack has proved it again. According to the announcement the attack was due to the exploitation of a bug in the codebase. Also, the team has offered the attacker to keep around 11.5% of funds if he is willing to return the rest of the funds.

What did happen exactly?

The attacker performed the offensive against multiple pToken bridges on September 19th, but the exploit was only successful on pBTC on BSC cross-chain bridge. The attacker also tried to attack TLOS on BSC, PNT on BSC, TLOS on ETH, pSAFEMOON on ETH and pBTC on ETH; however, the attempt wasn't successful.

To execute the hack, the attacker first withdrew BNB tokens from Binance, which were then used to deploy a set of smart contracts crafted to abuse the peg-out instructions.

These smart contracts created several log events, including one legit peg-out request and the rest faulty peg-out requests. Now, all the logs were erroneously processed due to a bug in that section, and the attacker moved the stolen BTC to a number of addresses.

This all started strictly at 5:20 pm UTC, and the team began to fix the bug at 7:45 pm UTC. However, the main bridges were stopped soon after the team noticed this misbehaviour.

All the other bridges were soon reactivated by the team after confirming their security and added extra security measures.

pNetwork is working to compensate the pToken holders

It was confirmed that only pBTC on BSC was affected during the attack, and the team is trying to find a solution to compensate the pToken holders for their value lost during the attack. Notably, this compensation plan is not for those holders who had exchanged their pBTC with some other asset before the attack.

pNetwork has offered the attacker a bug bounty of $1,500,000 in case he is willing to return the funds. 

pNetwork is implementing additional security measures

Their team is now trying to improve their system following the first direct hack of the network. They are focused on building more innovative security protocols for the users. Before the broadcasting of the signed transactions, some extra checks will be executed.

Also, the network has implemented extra checks for processing the transactions for triggering protective actions when required.

In collaboration with Cryptonics Consulting, the security auditing process will still be used to continuously monitor and review the codebase. The team believes that this audit activity will positively contribute to the overall security of the protocol. Additionally, they are trying to get more security auditing firms to collaborate to provide extra audits to their codebase.

A bug bounty programme will soon be introduced for the white hat hackers to help in the system’s security. The white hat hackers can identify the system's vulnerabilities and report them securely to the team without affecting the users.

Closing thoughts

This was the first time when pNetwork was directly exploited, although the hacks in DeFi space aren’t new. Keeping in view the increasing number of attacks, there is a massive need to increase the security of these protocols to safeguard the users' funds.

For the compensation of the affected users, the pNetwork team is going to wait for few days for the response of the attacker for their offer of $1,500,000 as a bug bounty. After that, additional steps will be considered for compensating the users. In case the hacker would not return the funds, the positive returns of the pNetwork project could be redirected to compensate the users.