pNetwork, a cross-chain DeFi protocol built on the Binance Smart Chain (BSC), suffered an attack that drained over $12 million from the protocol. According to a series of tweets posted by the pNetwork, an attacker was able to leverage a bug in the protocol’s codebase and steal 277 pBTC—Bitcoin wrapped in the pNetwork ecosystem.
1/N We’re sorry to inform the community that an attacker was able to leverage a bug in our codebase and attack pBTC on BSC, stealing 277 BTC (most of its collateral).
The other bridges were not affected. All other funds in the pNetwork are safe.
— pNetwork 🦜 (@pNetworkDeFi) September 19, 2021
While none of the bridges to other blockchains have been affected by the same bug, developers preemptively deactivated all of their cross-chain infrastructures and have been working on relaunching the network.
$12 million worth of wrapped Bitcoin still missing from pNetwork
pNetwork said that it managed to identify the bug that led to the hack and is working on fixing it. Developers were also working on a solution for users that were affected by the attack and lost their funds.
“We are sorry about what happened and we want to reassure you that it’s our priority to make you whole. In the meantime, pBTC on BSC is working as usual but is currently not redeemable as its bridge is suspended until further notice,” pNetwork said in a tweet.
Several hours after the hack, a fix to the issue was proposed and was extensively reviewed before being deployed.
However, deploying the bug fix hasn’t made all of pNetwork’s bridges fully operational yet. The project said that it was reviewing its cross-chain infrastructure for similar exploits and that it will gradually reactivate the bridges over the next few days. Until then, the bridges will run with extra security measures, which include slower transaction times.
pNetwork enables users to transfer Bitcoin (BTC) and other assets across Layer 1 networks such as Ethereum and Binance Smart Chain through pegged assets called pTokens. The network provides specific bridge contracts that take cryptocurrencies as collateral and mint their tokenized versions on other blockchains.
It is still unclear what caused the vulnerability in the bridge connecting Bitcoin and Binance Smart Chain and enabled the hacker to extract the entire deposited collateral. pNetwork said that a detailed post-mortem will be published in the coming days, offering the hacker a $1.5 million bounty for returning the funds.
4/N To the black hat hacker. Although this is a long shot, we’re offering a clean $1,500,000 bounty if funds are returned.
Finding vulnerabilities is part of the game unfortunately, but we all want DeFi ecosystem to continue growing, returning funds is a step in that direction
— pNetwork 🦜 (@pNetworkDeFi) September 19, 2021
Get an edge on the cryptoasset market
Access more crypto insights and context in every article as a paid member of CryptoSlate Edge.
On-chain analysis
Price snapshots
More context