| Summary of the PegNet 51% attack on 4/21/2020 | |
| ============================================= | |
| TL;DR: A miner or group of miners with more than 51% of hashpower submitted an | |
| artificially inflated price for JPY, turning ~1,265.79 pJPY (~11.79 USD) into | |
| ~6.7mm pUSD, then tried to liquidate as much as they could on exchanges. | |
| Timeline: | |
| Block 241369 | |
| The address FA2dZeSVXZMVzGMGMqG5vhgoQ7J6LUjguQjC5RKTf7nRcFk9KvEj | |
| converted ~11.73 pUSD to ~1,265 pJPY | |
| (https://pexplorer.factom.com/transactions/0-3d30e91adeb26c79f21752a39c3b1b07a5179fc793ffb5ae9a3a98acee0a2238) | |
| Block 241473 | |
| The address FA2dZeSVXZMVzGMGMqG5vhgoQ7J6LUjguQjC5RKTf7nRcFk9KvEj submits a | |
| conversion of ~1,256 pJPY to pUSD to be executed in the next block | |
| (https://explorer.factoid.org/entry?hash=806fb7cfd1c80cb954161aa49d38c37c983fbb7753697a59a30d2e513f3a8331) | |
| 30 of the top 50 OPRs (60%) submitted in the block contain | |
| a pJPY price of ~5306 USD (actual rate is ~0.009 USD) | |
| (https://gist.githubusercontent.com/WhoSoup/4413317019547626e67fdbf133e8cc4b/raw/23010e5f1f9806cb12d09a5218ad4d03f4de1d6c/241473) | |
| Block 241474 | |
| 35 of the top 50 OPRs (70%) submitted in the block contain | |
| a pJPY price of ~5306 USD | |
| https://gist.githubusercontent.com/WhoSoup/4413317019547626e67fdbf133e8cc4b/raw/23010e5f1f9806cb12d09a5218ad4d03f4de1d6c/241474 | |
| Block 241475: | |
| The transaction from block 241473 is executed using the pJPY rate of | |
| block 241474, converting into 6.7mm pUSD | |
| (https://pexplorer.factom.com/transactions/0-806fb7cfd1c80cb954161aa49d38c37c983fbb7753697a59a30d2e513f3a8331) | |
| Miners are back to submitting regular data | |
| (The data for blocks 241472 - 241475 is available: | |
| https://gist.github.com/WhoSoup/4413317019547626e67fdbf133e8cc4b) | |
| Blocks 241521 & 241522 & 241523: | |
| The attacker transfered the vast majority of assets to an agreed upon | |
| burn adress with no known private key | |
| (FA2BURNBABYBURNoooooooooooooooooooooooooooooooDGvNXy) in a series of | |
| ~9000 transactions: | |
| https://pexplorer.factom.com/addresses/FA2BURNBABYBURNoooooooooooooooooooooooooooooooDGvNXy | |
| The current burnt amount can be seen in the PNMC rich list | |
| (https://pegnetmarketcap.com/rich-list) to have $6,520,673.54 at the time | |
| of writing, though the amount will vary based on the exchange rates of the | |
| individual assets. | |
| * The transaction was carefully timed to coincide with attack that only lasted | |
| 2 blocks indicates it was malicious in intent | |
| * pJPY was the only asset whose price was changed during this attack | |
| * No other transactions exploited the price of pJPY in this timeframe | |
| * The 6.7mm pUSD is converted to various assets, as well as distributed to | |
| hundreds of different addresses | |
| * The mining IDs used in the attack have been used in PegNet for a while and | |
| appear to be the same people that normally mine under these identities (there | |
| are no conflicting prices within the IDs as would be expected if someone | |
| added malicious OPRs to existing OPRs with the same ID) | |
| * The attacker has been mining PegNet for a while | |
| * The mining ids are: HedgehogsUnited, bOrax, Schr0dinger, and MiningCenter | |
| (note, bOrax has no relations to Orax Pool that I'm aware of) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment