Pnetwork, a multi-chain bridging protocol, announced it was hacked yesterday, losing 277 pbtc (its bridged version of bitcoin) on Binance Smart Chain. The protocol acknowledged that an attacker managed to exploit a bug in its codebase to take control of the stolen bitcoin. The bridging contracts are currently working as usual but with extra security measures enabled.
Pnetwork Protocol Hacked: 277 Bitcoin Lost
Pnetwork, a decentralized finance bridging protocol, informed users it was the victim of a hack, losing 277 bitcoin in the attack. Pnetwork eases mobility of assets like bitcoin and ether among several chains. This contributes to extending the liquidity of each decentralized finance environment on different chains.
Pnetwork reported that a bug in its codebase was used to perpetrate this attack. The bug allowed the attacker to siphon 277 bitcoin that was being bridged to the Binance Smart Chain network. No other bridges or networks were affected in the process. The protocol’s team has already found the bug and introduced a patch to fix it. In a tweet, the team declared that:
Bridges are being extensively reviewed for that and similar exploits. The bridges will be gradually reactivated over the next few days.
A Proposal to the Hacker
Pnetwork also made a proposal to the attackers, asking them to return the funds in exchange for a bounty. It stated:
To the black hat hacker. Although this is a long shot, we’re offering a clean $1,500,000 bounty if funds are returned. Finding vulnerabilities is part of the game, unfortunately, but we all want the defi ecosystem to continue growing, returning funds is a step in that direction.
If such a return actually happens, it won’t be the first time. This happened with Polynetwork, another decentralized finance protocol, when the attacker returned more than $600 million that was stolen. Another instance is the recent hack of Miso, the new token issuance platform on the Sushi protocol.
However, this time the exploit was a little different. Miso’s team was able to link the possible identity of the attacker to the funds. Polynetwork had similar information. After this, funds were returned. In Pnetwork’s case, there has still not been a response at the time of writing. Pnetwork stated it is making it a priority to reimburse users, but has not elaborated on how.
What are your thoughts on the Pnetwork hack? Tell us in the comments section below.