Amun
Published in Amun

PECO & DFI Post-Mortem — December 26th, 2022

TL;DR

  • The attacker then minted 80 billion tokens and sold them on all available decentralized exchanges (DEXs), leading to the draining of all available liquidity pools.
  • As a fellow community member, 21.co, the parent company of Amun, is committed to providing relief to impacted token holders. We will share details on how impacted token holders can expect relief as soon as possible.

What Happened

At 12:55 AM UTC on December 26th, the attacker began creating fake tokens using the 0xd7948f06256831d1f0287d81bf1e6b19185aa69a address. Amun previously used this address to effectuate rebalances for the tokens, and it was the only address able to rebalance them. As of now, this address is considered compromised.

After creating multiple fake tokens as well as a fake exchange, the attacker set the PECO rebalance manager to target the fake DEX for rebalancing. The attacker then forced the PECO token to rebalance, swapping all the true underlying tokens for ones created by the attacker. The rebalancing process transferred all the true underlying tokens to the attacker's wallet, where they were swapped for Matic. As of the time of this writing, the funds remain in the attacker's wallet address.

The same exploit was then carried out on the DFI token, which uses the same address for executing rebalances.
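The sequence described above (rebalance target switched to an unknown exchange, then a rebalance into unknown tokens) can be caught by monitoring the rebalancer's actions against an allowlist. The following is an added example, not Amun's code: the event fields, rule names and placeholder addresses are all assumptions, and the sample events are constructed.

```python
# Added example: every name, address and event field here is a constructed
# placeholder; none of it is Amun's contract interface or real chain data.
from dataclasses import dataclass, field

@dataclass
class Policy:
    approved_exchanges: set   # DEX addresses the rebalance manager may target
    approved_tokens: set      # tokens allowed as underlyings

@dataclass
class Monitor:
    policy: Policy
    exchange_of: dict = field(default_factory=dict)  # index token -> current DEX target
    alerts: list = field(default_factory=list)

    def handle(self, ev):
        kind, index = ev["kind"], ev["index"]
        if kind == "set_exchange":
            # Remember the target so later rebalances are judged against it.
            self.exchange_of[index] = ev["exchange"]
            if ev["exchange"] not in self.policy.approved_exchanges:
                self._alert(ev, "UNAPPROVED_EXCHANGE", ev["exchange"])
        elif kind == "rebalance":
            target = self.exchange_of.get(index)  # None if never configured
            if target not in self.policy.approved_exchanges:
                self._alert(ev, "REBALANCE_VIA_UNAPPROVED_EXCHANGE", target)
            unknown = sorted(set(ev["buy"]) - self.policy.approved_tokens)
            if unknown:
                self._alert(ev, "UNAPPROVED_UNDERLYING", ",".join(unknown))

    def _alert(self, ev, rule, detail):
        self.alerts.append((ev["block"], ev["index"], rule, detail))

def scan(events, policy):
    """Replay events in block order and return the alerts raised."""
    mon = Monitor(policy)
    for ev in sorted(events, key=lambda e: e["block"]):
        mon.handle(ev)
    return mon.alerts

POLICY = Policy({"0xDEX_APPROVED"}, {"0xTOKEN_A", "0xTOKEN_B"})
EVENTS = [  # constructed sample: one normal rebalance, then the pattern from the post
    {"block": 100, "kind": "set_exchange", "index": "PECO", "exchange": "0xDEX_APPROVED"},
    {"block": 110, "kind": "rebalance", "index": "PECO", "buy": ["0xTOKEN_A"]},
    {"block": 200, "kind": "set_exchange", "index": "PECO", "exchange": "0xDEX_UNKNOWN"},
    {"block": 201, "kind": "rebalance", "index": "PECO", "buy": ["0xTOKEN_FAKE"]},
    {"block": 210, "kind": "set_exchange", "index": "DFI", "exchange": "0xDEX_UNKNOWN"},
    {"block": 211, "kind": "rebalance", "index": "DFI", "buy": ["0xTOKEN_FAKE"]},
]

if __name__ == "__main__":
    for alert in scan(EVENTS, POLICY):
        print(alert)
```

The first alert fires on the configuration change itself, one step before any underlying tokens move, which is the point at which a pause or key rotation is still useful.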

Next Steps

The team is working diligently to identify all impacted token holders and will be proposing a plan to provide relief to fellow impacted token holders. We will update the community as soon as a timeline for repayment is determined.
