Summary of the PegNet 51% attack on 4/21/2020
TL;DR: A miner or group of miners with more than 51% of hashpower submitted an
artificially inflated price for JPY, turning ~1,265.79 pJPY (~11.79 USD) into
~6.7mm pUSD, then tried to liquidate as much as they could on exchanges.
Block 241369
The address FA2dZeSVXZMVzGMGMqG5vhgoQ7J6LUjguQjC5RKTf7nRcFk9KvEj
converted ~11.73 pUSD to ~1,265 pJPY
Block 241473
The address FA2dZeSVXZMVzGMGMqG5vhgoQ7J6LUjguQjC5RKTf7nRcFk9KvEj submits a
conversion of ~1,256 pJPY to pUSD to be executed in the next block
30 of the top 50 OPRs (60%) submitted in the block contain
a pJPY price of ~5306 USD (actual rate is ~0.009 USD)
Block 241474
35 of the top 50 OPRs (70%) submitted in the block contain
a pJPY price of ~5306 USD
Block 241475:
The transaction from block 241473 is executed using the pJPY rate of
block 241474, converting into 6.7mm pUSD
Miners are back to submitting regular data
(The data for blocks 241472 - 241475 is available:
Blocks 241521 & 241522 & 241523:
The attacker transferred the vast majority of assets to an agreed upon
burn address with no known private key
(FA2BURNBABYBURNoooooooooooooooooooooooooooooooDGvNXy) in a series of
~9000 transactions:
The current burnt amount can be seen in the PNMC rich list
to have $6,520,673.54 at the time
of writing, though the amount will vary based on the exchange rates of the
individual assets.
* The transaction was carefully timed to coincide with an attack that lasted
only 2 blocks, which indicates malicious intent
* pJPY was the only asset whose price was changed during this attack
* No other transactions exploited the price of pJPY in this timeframe
* The 6.7mm pUSD is converted to various assets, as well as distributed to
hundreds of different addresses
* The mining IDs used in the attack have been used in PegNet for a while and
appear to be the same people that normally mine under these identities (there
are no conflicting prices within the IDs as would be expected if someone
added malicious OPRs to existing OPRs with the same ID)
* The attacker has been mining PegNet for a while
* The mining IDs are: HedgehogsUnited, bOrax, Schr0dinger, and MiningCenter
(note, bOrax has no relations to Orax Pool that I'm aware of)
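
The block timeline above, turned into a detection check. This is an added example, not PegNet code and not part of the original summary: it flags any block where a majority of the top 50 OPRs move an asset's price by more than a set ratio against the last trusted price. The sample data is constructed from the counts and rates reported above; the 2x ratio, the 50% alert share and the median reference are assumptions of this sketch, not PegNet's grading rules.

```python
from statistics import median

# Constructed sample: pJPY prices (USD) in the top 50 OPRs of each block,
# built from the counts and rates reported in the summary above.
NORMAL, INFLATED = 0.009, 5306.0
BLOCKS = {
    241472: [NORMAL] * 50,
    241473: [INFLATED] * 30 + [NORMAL] * 20,
    241474: [INFLATED] * 35 + [NORMAL] * 15,
    241475: [NORMAL] * 50,
}

def outlier_share(prices, reference, max_ratio=2.0):
    """Fraction of OPR prices more than max_ratio away from the reference."""
    bad = [p for p in prices
           if p > reference * max_ratio or p < reference / max_ratio]
    return len(bad) / len(prices)

def scan(blocks, start_reference, max_ratio=2.0, alert_share=0.5):
    """Return {height: outlier share} for every block where at least
    alert_share of the OPRs deviate from the last trusted price."""
    alerts, reference = {}, start_reference
    for height in sorted(blocks):
        share = outlier_share(blocks[height], reference, max_ratio)
        if share >= alert_share:
            # Hypothetical policy: keep the old reference, so a second
            # manipulated block is still measured against a sane price.
            alerts[height] = share
        else:
            reference = median(blocks[height])
    return alerts

def conversion_value(amount, rate):
    """pUSD produced by converting `amount` of an asset at `rate` USD each."""
    return amount * rate

if __name__ == "__main__":
    for height, share in scan(BLOCKS, NORMAL).items():
        print(f"block {height}: {share:.0%} of top-50 OPRs deviate >2x on pJPY")
    value = conversion_value(1265.79, INFLATED)
    print(f"1,265.79 pJPY at the inflated rate: {value:,.2f} pUSD")
```

A conversion queued in a block followed by a flagged block is the case to hold for review, since it is the flagged block's rate that the conversion executes at.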