PECULIUM Official Statement — BitMart Hack

Overview and Background

PCL is a utility token that powers the PECULIUM ecosystem. It is used to pay fees within the SAIΞVE wealth management platform, earn rewards and gain access to unique cashback fees through the Membership program, and more. PCL is a user’s gateway to an effortless crypto investing experience. To make that gateway more accessible to the world, PCL is available on the largest blockchain in the world (Ethereum).

PCL ERC20 token was listed on the BitMart exchange by their team back in April 2020. Since then, we have worked hand-in-hand with the BitMart team.

The Incident

On Thursday 4th December 2021, at 22:35pm EST a member of the PECULIUM team noticed an abnormal transaction come from BitMart where 93 million PCL tokens were withdrawn to the Ethereum blockchain. Our team was alerted and shortly found there was a security breach on BitMart where their hot wallets had been compromised, allowing a nefarious actor to take 93 million PCL tokens from the exchange into their own wallet. At this time, the BitMart team had not made any statement.

PECULIUM took quick action. We knew that the hacker had tokens on Ethereum; our next course of action was to have a development meeting with our team, which included our team members that wrote and tested our token contracts. We needed to rule out that there was no ability to blacklist the hacker’s address via our token contract and to determine any potential adverse effects of pausing our token through the contract. Unfortunately, our token does not have a “blacklist” option. Adding this type of token functionality within a token contract is a divisive topic among cryptocurrency enthusiasts. The audited contracts for PCL can be found in our GitHub here.

Due to the fact that we had cornered the attacker to sell his PCL tokens, we decided against pausing the tokens and our team created an action plan of the steps we would need to promptly follow in order to deploy a new PCL token contract, where we would blacklist the hacker’s address and compensate all of our holders with a snapshot of the token holders without the attacker’s address. We contacted our partners to make sure our action plan was comprehensive, and if initiated, it would cause the smallest amount of inconvenience for our users.

Several hours after, BitMart contacted us to tell us there was a security breach and asked if we could assist them in blacklisting the hacker’s wallet address. They alerted us that they’d be contacting other exchanges to recover tokens and that BitMart would cover all losses of our users and create an action plan to resolve this issue. They asked us if a contract migration was possible, and we were able to share our action plan that had been put together.

The Aftermath

Our team has been monitoring the situation closely and has set alerts on the hacker’s addresses so that we can act promptly if any tokens are moved. We have action plans created for a wide number of scenarios to make sure that we’re able to act quickly and diligently as a team so that the impact of this situation is remedied as quickly as possible.

We have read all communication put out publicly about the incident and are happy to hear that BitMart has partnered with globally respected exchanges, asset managers, and security companies to rectify the situation for all of the 45 impacted tokens and their users.

Next Steps

PECULIUM was waiting on accurate information directly from the BitMart team. Until then, we are in direct contact with BitMart waiting for a complete resolution in order for us to take the next step. All ERC20 PCL supported exchanges will be able to intercept the hacker’s PCL if they were to move them to one of their exchanges to return the tokens to the user.

The hacker’s only options are to sell on DEXes, but as we’re not listed on any DEX with high liquidity, he has to abandon the tokens for no return. We will make a move forward that benefits our community in the short and long term, and BitMart has committed to compensating users who were impacted.

The decision-making process is being made transparent with our community to give confidence to our users that PECULIUM will act in their best interests during times of third-party error and crisis. We commit to working with BitMart for the best interests of our users to help in this situation where we can.

Learning Opportunities

As an industry, we need to encourage exchanges to publish more accurate information on their cold storage solutions as well as their “disaster plan” for how they will move forward in the event of a hack.

PECULIUM will only partner with organizations that commit to publicly displaying their contract and token audits to the world for the safety of our users. We commit to using best-in-class security processes internally for password and private key protection and expect that our partners do the same so that these incidents do not impact the end-users. Every project has a responsibility to make sure that we’re building our ecosystem in a sustainable manner and we thank the community for their understanding. We commend BitMart for taking action and committing to compensating all losses.

See you tomorrow for more updates!
