Drama continues to plague decentralized finance (DeFi), with Factom-based stablecoin network PegNet appearing to suffer a 51% attack that resulted in $6.7 million worth of the USD-pegged stablecoin pUSD being fraudulently created.

The attack was executed by a group of four miners who collectively control 70% of PegNet’s hash rate on April 22. The miners were unsuccessful in attempts to liquidate the funds and now claim it was simply a security penetration test.

PegNet core developer ‘WhoSoup’ posted a recap of the events surrounding what he believes was an attack.

Anatomy of a 51% attack

PegNet is a decentralized network built on top of Factom that supports tokens pegged to 42 different assets — including fiat currencies, commodities, and cryptocurrencies.

The PegNet network receives price data from miners via oracles and APIs to maintain price stability. Each block requires up to 50 data submissions and the network discards the 25 entries furthest away from the average price.

At approximately 05:00 UTC, the miners submitted data to briefly artificially inflate the price of the Japanese yen-pegged stablecoin pJPY by submitting 35 of the 50 data entries at extreme prices.

Once inflated, the miners exchanged a wallet containing 1,265.79 pJPY (roughly $11) for 6.7 million pUSD.

Miners unable to sell funds

However, the group was unsuccessful in attempting to liquidate the funds.

The majority of the fraudulently created stablecoins have since been sent to a burn address with no known private key, containing over roughly 9,000 transactions. The miners are now claiming to have simply been trialing a penetration test of the network.

No other users’ funds were affected in the roughly 20 minute-long attack.

DeFi sees two unusual attacks in one week

On April 19, Chinese DeFi protocol dForce suffered an attack resulting in 99.95% of funds locked on its Lendf.me platform being drained by hackers.

The attackers stole $25 million in user funds by exploiting a known vulnerability to the ERC-777 via stablecoin imBTC — which had been similarly used to target a smart contract on decentralized exchange Uniswap the previous day.

However, after accidentally leaking identifying information, the hacker returned the funds in full on April 22.