PCL has taken the last days to speak with BitMart and our key partners to establish a transparent path forward after BitMart exchange was hacked for 93 million PCL tokens. To read our overview on the incident and the immediate steps PECULIUM took to protect our users visit here.
We appreciate our community's patience, support, and discussion on this topic. Our highest priorities during this decision were to ensure our community members were compensated by BitMart and the longevity of PCL - the token that powers the PECULIUM ecosystem. This error has brought light on the importance of security within decentralized networks and is a great example of why at PECULIUM we audit our smart contracts with the best security firms in the world and use best-in-class security protocols for our internal development procedures.
The Solution
- BitMart has committed to purchasing 93 million PCL from the market to make sure that every user on their exchange has the ability to withdraw. But we didn’t accept it.
- PCL token will not continue with the current token contract for security puposes
- PECULIUM has triggered a Crisis Plan
BitMart has told PECULIUM they are working with the FBI, top world security firms, and asset managers to make sure they minimize the impact and recover the funds that were stolen and other externalities caused by their security errors.
PECULIUM will be issuing a V2 of PCL tokens because :
- The risk of hacker funds being moved is still there
- Despite the fact that the operational time and cost to do a V2 of a token have been estimated to be well in the 6 figures, we have chosen this option to protect 100% our investors.
- Even if V2 of a token could cause user confusion, we have decided to put a big dedicated task force to bring transparency to the current situation
Risk Overview
The BitMart hacker is still holding 93 million PCL tokens. You can view their wallet here. PECULIUM did not have the ability in our token contract to blacklist his address.
The industry feels that the risk the hacker returns to this wallet is low for the following reasons:
- In the event of a hack, the last action the hacker takes with a wallet is typically to use Tornado Cash to withdraw the ETH they plan to try and run away with. This is precisely the last action that this wallet has taken and it has been five days since their last move
- The wallet has been identified by many top security experts (and industry aggregators such as Etherscan and Certik) as a hacked wallet, and therefore any additional movement from that wallet puts the hacker at more risk to get caught (returning to the scene of the crime). This is and will be moving forward one of the most highly tracked wallets in the industry.
- The amount of funds in the wallet, compared to the amount that the hacker withdrew is considerably low and rather illiquid. As of December 12th, the tokens total ~$22 million in this wallet, but the true liquidity of selling these 46 tokens would be a small fraction of that amount and require hours of transactions to occur (increasing the risk of the hacker making a mistake and exposing themselves)
- There is a risk that the hacker tries to sell the wallet to someone else for a discounted rate of the total tokens.
For these reasons, it is highly likely that this wallet with 93 million PCL tokens has been abandoned and will not be touched again. This means, in theory, that these 93 million tokens are no longer part of the circulating supply of PECULIUM.
PECULIUM Crisis Confidence Plan
Despite the risk of the 93M PCL tokens being very low that they will ever be moved, PECULIUM has created a Crisis Plan to make sure we give our community the confidence they deserve to use PCL moving forward.
PCL V2 is triggered and the following actions are taking place to make sure all user funds are safe:
- PECULIUM wrote a new PCL smart contract and is in the process of auditing it
- PECULIUM has taken a snapshot at the exact time of the V2 trigger to obtain all address and balance data.
- PECULIUM has deployed the new smart contracts from our public deployment contract.
- PECULIUM has used Bulk Sender to issue the V1 holders their exact balance of V2 tokens.
- PECULIUM will work with all exchanges and wallets to make sure that they support PCL V2 with their existing user balances
- PECULIUM has notified Coingecko and CoinMarketCap to track the new token
- PECULIUM has worked with Ether Scan to properly label the contracts and verify their authenticity
- PECULIUM is changing all documentation to point to the proper links and contract IDs so that no users have confusion moving forward
- PECULIUM is making adjustments to our platform to make sure that V2 PCL is reflected throughout the entire ecosystem. Indeed, PECULIUM is changing the existing SAIEVE platform infrastructure to support PCL V2
- PECULIUM has added additional trained support staff to make sure that all users know how to access their PCL V2
- PECULIUM will provide public documentation on our website and in our support system to make sure that all existing users have access to the official information
Other Considerations
- Nearly 77M tokens have been withdrawn from BitMart already without issue. To facilitate this, BitMart would have needed to acquire PCL
- PECULIUM will not be issuing tokens to BitMart from our treasury to compensate users.
- PECULIUM has been approached by several new partners to establish key relationships to make PCL more accessible with more widely used and reputable exchanges that meet our rigorous security standards for partnerships
- PECULIUM will only partner with projects that publicly display proofs of their audits
- Statements presented in this article are based on Telegram messages from official BitMart team members sent to PECULIUM representatives
An AMA will be conducted with the community next week to answer all questions you may have.
Thank you, PECULIUM Community for your patience.
Now we move forward!
Comments
You must be logged in to post a comment