Hacker Steals $12M from DeFi Platform

“Wrapped” Bitcoin worth more than $12m has been stolen from the decentralized finance protocol pNetwork. 

The cross-chain project announced the theft of 277 BTC on September 19 via Twitter, ascribing the hack to a codebase vulnerability. 

The theft was executed on Binance Smart Chain, which also featured in the biggest DeFi heist in history – the $610m Poly Network hack that took place in August.

pNetwork supports multiple blockchains, including Ethereum, xDAI, EOS, Polygon, Binance Smart Chain, Telos and Ultra. Wrapped tokens increase interoperability between different blockchains by making it possible for currency created on one blockchain to cross onto another.

“We’re sorry to inform the community that an attacker was able to leverage a bug in our codebase and attack pBTC on BSC, stealing 277 BTC (most of its collateral),” said pNetwork.

“The other bridges were not affected. All other funds in the pNetwork are safe.”

The DeFi platform said it had identified the bug but would keep certain data bridges closed until a fix was found.

In a bid to recover the stolen cryptocurrency, pNetwork has publicly offered to pay its attacker 12.5% of their total illegal haul. 

“To the black hat hacker. Although this is a long shot, we’re offering a clean $1,500,000 bounty if funds are returned,” said the platform on Twitter.

“Finding vulnerabilities is part of the game, unfortunately, but we all want [the] DeFi ecosystem to continue growing, returning funds is a step in that direction.”

pNetwork is undertaking an investigation which it described as “a detailed post-mortem.”

“We want to assure everyone that we are prioritizing security over speed,” said the platform, adding, “Bridges are being extensively reviewed for that and similar exploits.”

On Monday, pNetwork said that while its Telos and EOS bridges had been safely restored, they would be “running with extra security measures in place for the first few days.”

In its most recent update, posted at around 6 pm Eastern Time on September 20, the platform said that the pUOS on Ultra bridge was not affected and is now back up.

“A detailed post-mortem will be shared tomorrow. Updates to follow on the gradual reactivation of all other bridges,” said pNetwork. 
