Last active
May 7, 2020 10:06
-
-
Save WhoSoup/9fde1ed533727f9783c87c97728de85e to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Summary of the PegNet 51% attack on 4/21/2020 | |
============================================= | |
TL;DR: A miner or group of miners with more than 51% of hashpower submitted an | |
artificially inflated price for JPY, turning ~1,265.79 pJPY (~11.79 USD) into | |
~6.7mm pUSD, then tried to liquidate as much as they could on exchanges. | |
Timeline: | |
Block 241369 | |
The address FA2dZeSVXZMVzGMGMqG5vhgoQ7J6LUjguQjC5RKTf7nRcFk9KvEj | |
converted ~11.73 pUSD to ~1,265 pJPY | |
(https://pexplorer.factom.com/transactions/0-3d30e91adeb26c79f21752a39c3b1b07a5179fc793ffb5ae9a3a98acee0a2238) | |
Block 241473 | |
The address FA2dZeSVXZMVzGMGMqG5vhgoQ7J6LUjguQjC5RKTf7nRcFk9KvEj submits a | |
conversion of ~1,256 pJPY to pUSD to be executed in the next block | |
(https://explorer.factoid.org/entry?hash=806fb7cfd1c80cb954161aa49d38c37c983fbb7753697a59a30d2e513f3a8331) | |
30 of the top 50 OPRs (60%) submitted in the block contain | |
a pJPY price of ~5306 USD (actual rate is ~0.009 USD) | |
(https://gist.githubusercontent.com/WhoSoup/4413317019547626e67fdbf133e8cc4b/raw/23010e5f1f9806cb12d09a5218ad4d03f4de1d6c/241473) | |
Block 241474 | |
35 of the top 50 OPRs (70%) submitted in the block contain | |
a pJPY price of ~5306 USD | |
https://gist.githubusercontent.com/WhoSoup/4413317019547626e67fdbf133e8cc4b/raw/23010e5f1f9806cb12d09a5218ad4d03f4de1d6c/241474 | |
Block 241475: | |
The transaction from block 241473 is executed using the pJPY rate of | |
block 241474, converting into 6.7mm pUSD | |
(https://pexplorer.factom.com/transactions/0-806fb7cfd1c80cb954161aa49d38c37c983fbb7753697a59a30d2e513f3a8331) | |
Miners are back to submitting regular data | |
(The data for blocks 241472 - 241475 is available: | |
https://gist.github.com/WhoSoup/4413317019547626e67fdbf133e8cc4b) | |
Blocks 241521 & 241522 & 241523: | |
The attacker transfered the vast majority of assets to an agreed upon | |
burn adress with no known private key | |
(FA2BURNBABYBURNoooooooooooooooooooooooooooooooDGvNXy) in a series of | |
~9000 transactions: | |
https://pexplorer.factom.com/addresses/FA2BURNBABYBURNoooooooooooooooooooooooooooooooDGvNXy | |
The current burnt amount can be seen in the PNMC rich list | |
(https://pegnetmarketcap.com/rich-list) to have $6,520,673.54 at the time | |
of writing, though the amount will vary based on the exchange rates of the | |
individual assets. | |
* The transaction was carefully timed to coincide with attack that only lasted | |
2 blocks indicates it was malicious in intent | |
* pJPY was the only asset whose price was changed during this attack | |
* No other transactions exploited the price of pJPY in this timeframe | |
* The 6.7mm pUSD is converted to various assets, as well as distributed to | |
hundreds of different addresses | |
* The mining IDs used in the attack have been used in PegNet for a while and | |
appear to be the same people that normally mine under these identities (there | |
are no conflicting prices within the IDs as would be expected if someone | |
added malicious OPRs to existing OPRs with the same ID) | |
* The attacker has been mining PegNet for a while | |
* The mining ids are: HedgehogsUnited, bOrax, Schr0dinger, and MiningCenter | |
(note, bOrax has no relations to Orax Pool that I'm aware of) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment