DeFi Bridging Protocol pNetwork Suffers $12 Million Hack

An unidentified hacker has stolen 277 wrapped Bitcoin, currently worth around $12.5 million, by exploiting a bug in decentralized finance (DeFi) interoperability protocol pNetwork, its developers disclosed on Sunday.

According to the platform’s Twitter account, a bug in the protocol’s codebase was used to attack pBTC tokens—pNetwork’s version of wrapped Bitcoin—that were stored on Binance Smart Chain (BSC).

1/N We're sorry to inform the community that an attacker was able to leverage a bug in our codebase and attack pBTC on BSC, stealing 277 BTC (most of its collateral).

The other bridges were not affected. All other funds in the pNetwork are safe.

— pNetwork (@pNetworkDeFi) September 19, 2021

Wrapped assets are one of the myriad DeFi applications available on the market. DeFi is a growing ecosystem within the crypto industry that offers many of the same traditional services as banks and brokers but without centralized entities.

To create a wrapped asset, in this case Bitcoin, users must lock it up on its native blockchain and mint a corresponding “wrapped” version that can be processed on other networks. This wrapped version then tracks the price of the original asset but is compatible with another blockchain.

Per pNetwork’s website, there is currently just over $190 million worth of various cryptocurrencies locked in the protocol’s cross-chain bridges. Luckily, most of them ostensibly remain safe since only pBTC tokens on BSC were affected by today’s hack.

Shortly after the hack was discovered, the protocol’s developers stated that they have identified the bug and “have a proposed fix” and “are now waiting for everyone to review it.”

In the meantime, they also tried to appeal to the hacker’s better nature and offered them a “clean” bounty of $1.5 million in exchange for the stolen funds. It is currently unclear whether the attacker responded to this offer or not.

“To the black hat hacker. Although this is a long shot, we're offering a clean $1,500,000 bounty if funds are returned. Finding vulnerabilities is part of the game unfortunately, but we all want DeFi ecosystem to continue growing, returning funds is a step in that direction,” pNetwork tweeted.

The developers also reassured the protocol’s users that they “are working on a solution for users who were affected by the attack (pBTC on BSC holders only)” and “will keep you posted on this.”