Forced to leave after 5 years in South Korea, was Pundi AI's priority to protect user assets a "wrong decision"?

Interview: Tong, PANews

Editor: Yuliya, PANews

On July 12, an unexpected hacker attack led to the abnormal issuance of 1 million tokens for Pundi AI in just a few minutes. In the face of this crisis, the team chose to first freeze, track, and recover assets, and publicly disclose the situation as soon as they ensured the safety of the funds. Ultimately, they successfully recovered and froze nearly 90% of the stolen funds, covering over a million dollars to complete full user compensation. The vulnerability of the ERC1967Proxy contract exploited by the hacker has now affected multiple projects in the industry. However, Pundi AI has been notified by the Korean Digital Asset Exchange Association (DAXA), which consists of major exchanges including Upbit and Bithumb, to delist from Korean exchanges due to "untimely information disclosure."

In order to help readers better understand the context of events, the following is a review of the key timeline.

• March 2 — Function X announced a rebranding to PUNDIAI and a token swap to PUNDI, at which point hackers had already infiltrated, but they remained undetected due to their stealth.
• July 12 — Hackers officially launched an attack, issuing an abnormal increase of 1 million tokens; transfers were frozen and tracking was initiated on the same day; that night the CEO publicly informed the community about the contract vulnerability and announced the measures that had been taken.
• July 14 — Fully disclose the investigation results and solutions for the attack incident to the exchange, and communicate with DAXA.
• July 28 — Upbit and Bithumb announced that they will delist PundiAI on August 28, citing "insufficient information disclosure."
• July 31 - Official statement recovers over 80% of assets, full user compensation completed within 11 days.

In this interview, PANews exclusively talks to Danny Lim, co-founder of Pundi AI, to review the entire event process comprehensively, providing safety reminders for other projects in the industry that are migrating tokens, as well as operational guidelines for projects listed on compliant exchanges in South Korea. At the same time, he also explores Pundi AI's product layout in the field of AI data from an industry perspective, as well as his thoughts on the current development of the Web3 AI track.

In addition, he also posed a dilemma: in the process of outsmarting hackers, should we prioritize ensuring the safety of user funds without alarming the hackers? Or should we prioritize transparency and disclose information promptly, which may allow hackers to accelerate the transfer of funds and thus increase the losses? This time, Pundi AI chose the former, but also paid the price for the choice due to the "flaw" in transparency.

The old man lost his horse; how could one know it is not a blessing? Danny jokingly referred to the delisting by the compliant exchange as a way to unlock the "seal" for project development. In the past, repurchasing or burning tokens could not be done casually and required the exchange's consent. Now, they can flexibly use token economics to give back to the community. Pundi AI will also repurchase tokens and airdrop to users, "thank you for choosing to stand with us during difficult times."

stolen, delisted and difficult choices

PANews: Recently saw an announcement that the Digital Asset Exchange Association of Korea (DAXA) has requested its members to delist Pundi tokens. The reason is that Pundi AI was hacked during the token migration process and did not disclose it in a timely manner. Could you please elaborate on the details of the incident?

Danny: The security incident occurred around 2:20 PM on July 12th. Our system issued a warning around 2:40, indicating there was abnormal minting, and approximately 1 million PUNDI tokens were minted. At first, we thought there was a bug in the contract. It happened to be a Saturday, and we urgently contacted the tech team for verification.

By 5 PM, we confirmed that this was not a bug, but an attack. We immediately contacted major exchanges to request the suspension of PUNDIAI's deposit and withdrawal functions.

The entire attack process was very sophisticated. The hacker exploited a vulnerability in our token migration contract. During the transaction when we deployed the new contract in February, the hacker submitted a transaction with a Gas fee higher than ours in the same block, taking the initiative to call and obtain the admin key of our contract. This method is very precise, requiring careful calculation of the timing of our transaction and the block.

PANews: How many protocols could be potentially affected by this security vulnerability? Have you taken measures to alert other institutions?

Danny: This is a very hidden vulnerability. We completed the token swap in February, and it wasn't exposed until the attack occurred in July. Recently, we have also seen several projects on the Base chain and Ethereum attacked using similar methods in the last three to four weeks. Hackers are very patient and often lurk for months, waiting for the market to recover and project popularity to rise before taking action. Therefore, the detailed account of this public incident serves as a lesson for all our peers, especially for project teams that plan to migrate tokens or upgrade contracts, to sound the alarm about the potential security risks of such "preemptive attacks".

PANews: What measures did you take after discovering the theft, and did you disclose this to the community?

Danny: Considering that the hacker did not immediately sell off all the minted tokens for cash, but rather converted them slowly, we judge that the hacker may not yet be aware that we have discovered the stolen funds. In order to maximize the possibility of recovering the assets, we made a difficult decision: to avoid alarming the snake, and to quietly track and freeze the assets. Once the assets were protected, on the evening of July 12th, we announced on Twitter that our contract had encountered issues and publicly disclosed our handling plan.

This strategy has been very effective. We successfully intercepted about 95% of stolen assets on the Ethereum network and our own mainnet F(x)Core. The main losses occurred on the BSC chain, because we connected to BSC through the Axelar cross-chain bridge, and there was a delay in response from third-party service providers during the weekend. For users who suffered losses due to price crashes on PancakeSwap and our own DEX, we conducted buyback compensation at fair prices to ensure that users did not incur losses.

Overall, this attack resulted in the issuance of tokens worth approximately over $6 million at the time of the market price. Through freezing and recovery, we ultimately succeeded in reclaiming about 87% of the assets, and we decided to absorb nearly $2 million in losses ourselves. We set a cap on the amount of tokens that can be issued in a single instance in the Token contract; otherwise, the losses could have been greater.

PANews: The theft only involved tokens, what impact does it have on the product level?

Danny: There is some impact. Because we have a cross-chain bridge communicating between Ethereum, BSC, and F(x)Core, we upgraded the Token contract to prevent similar incidents from happening again. So there is a certain impact on the cross-chain bridge functionality, but overall the product level is still okay, and has not been significantly affected.

PANews: Have you communicated with DAXA? Do you think this direct delisting approach is inappropriate, or what experiences and lessons have you learned?

Danny: We had a lot of communication with DAXA. They emailed us on July 14, and we exchanged three or four replies back and forth. Throughout the communication process, they did not show any signs of blame, nor did they raise any specific rectification requirements; they just kept asking about technical details, solutions, and user compensation status. So at that time, we felt the problem was not serious, believed we had recovered most of the funds, compensated all user losses, and absorbed the losses ourselves, and thought we would be fine. But unexpectedly, this Monday, we received a notification of delisting directly. DAXA did not provide a specific reason, and according to the exchange announcement, the reason for delisting was "untimely disclosure," which left us no room for explanation or buffer.

From our perspective, we certainly feel it is a pity, and even somewhat "heartbroken". We are a team that truly works hard; after being attacked by hackers, we used our own money to compensate users for their losses and tried our best to recover the assets. But in the end, what we received was such a result. Especially in comparison to the recent GMX hacking incident, they got away unscathed while we were delisted.

However, from DAXA's perspective, they uphold the principles of transparency and openness in the entire market, and their approach is understandable. We do indeed have flaws in our procedures.

The biggest lesson is: in the Korean market, the timeliness and transparency of information are more important than anything else. This is a painful lesson; we failed to strike a balance between "quietly recovering assets" and "making public disclosures at the first moment." I hope this serves as a warning to all projects that are live or planning to launch in Korea.

PANews: Will delisting by exchanges affect your reputation?

Danny: Yes, this is our biggest concern. The trading losses caused by the delisting itself are secondary; what hurts more is the damage to our reputation. Many people won't delve into the underlying reasons; they will only see "Pundi AI has been delisted by DAXA" and then label us as a "bad company" or "scammer." This has led to a misunderstanding of our years of effort and reputation.

The Dilemma and Future Plans of the South Korean Market

PANews: When was Pundi AI launched on the Korean exchange? How many users has it accumulated in the Korean market?

Danny: We have been in the Korean market for a long time. Our predecessor Function X (FX) was launched on Bithumb in 2019 and on Upbit in 2020. We have been cultivating in Korea for five to six years, with at least two to three hundred thousand, and possibly over four hundred thousand users.

PANews: Currently, the kimchi premium in South Korea is significant, especially in certain altcoin markets. What observations do you have regarding the South Korean market? Are you considering ways to relaunch on South Korean exchanges?

Danny: The South Korean market is quite unique. Users are heavily reliant on CEX for trading, and their acceptance of DeFi or on-chain operations is generally low. About 80% of our trading volume and 70% of the tradable tokens are on South Korean CEXs. Therefore, this delisting has a huge impact on our liquidity.

As for going back online, we have asked around and the feedback has been that the difficulty is very high. DAXA's decision has authority in South Korea, and once made, it is hard to reverse in the short term. However, we are still actively communicating with DAXA and major exchanges, hoping to gain their trust and return to the South Korean market.

But there is one thing that makes us very comforted and moved. After the delisting announcement, our coin price did not plummet like other projects, but remained basically stable. This shows that our community and our coin holders still believe in us. This is also the most heart-wrenching aspect for us; on one hand, we feel we cannot betray this trust, and on the other hand, we are struggling to provide them with convenient trading channels.

PANews: Are there any plans for the community going forward?

Danny: We currently have three core plans.

• First, since the path for centralized exchanges in South Korea is temporarily difficult, we will increase our investment in on-chain, that is, decentralized exchanges. We will fund ourselves to establish deeper liquidity pools on platforms like PancakeSwap, Uniswap, etc., to provide users with sufficient liquidity.
• Second, we will vigorously promote our brand new AI data products. We believe that a good product is the core driving force behind project development.
• Third, we will launch a token buyback and airdrop plan. To be honest, in the past, when launching on compliance-focused centralized exchanges in Korea, our hands were tied; you couldn't casually buy back or burn tokens without their consent. Now, we can say we have 'unsealed the seal' and can use token economics more flexibly to give back to the community. We will buy back tokens and airdrop them to users who support us, thanking them for standing with us during difficult times.

Vision and Challenges of AI Data Assetization

PANews: You mentioned a brand new AI data product, could you provide more details about this product and the upcoming plans?

Danny: In fact, our new product Data Pump is already ready and was soft-launched on July 10th. Coincidentally, we were attacked on the 12th, which left us with no time to promote it.

Data Pump can be understood as an "AI data set Launchpad." This product combines a mechanism similar to Pump.fun, but the underlying asset is not meme coins, but data sets. It aims to tokenize data (DataFi), users can package various content data (tweets, audio, video, etc.) into NFTs, and then they can mortgage this NFT on our platform to generate corresponding tokens and directly create trading pairs for trading on DEXs like PancakeSwap. Moving forward, all our focus will be on the promotion and operation of this product.

PANews: In the past two years, the AI track has become one of the key tracks in Web3. Similarly, in the AI data field, how do Pundi AI's products differ from those of other companies like Sahara and openledger?

Danny: First of all, from a data perspective, many projects are doing generic data annotation, and users mainly do it for "airdrop hunting"; the commercial value of this data is limited. We have focused on specialized niches from the very beginning, such as medical imaging (cardiovascular disease recognition), autonomous driving (high-precision obstacle outlining), legal documents, etc. We are looking for medical students from universities in Indonesia to do the annotations, ensuring the professionalism and high quality of the data. Although we only have tens of thousands of annotation users, with less than 1,000 active users, the quality is very high.

Secondly, we have added an extra layer compared to them by developing AI AMM (Automated Market Maker). Users can simply deposit LP tokens to automatically trade on-chain. This realizes the assetization and monetization of data.

Finally, we have a massive data foundation. We currently have a PB (approximately 1024 TB) level of data on-chain, which should be one of the largest data storage in the Web3 space.

PANews: Since the end of the fomo market for AI Agents at the beginning of this year, the AI sector has been in a low-level consolidation. Where do you think the bottlenecks in the development of the Web3 AI field are? Is there hope for a return to the frenzy of earlier this year?

Danny: I personally believe that the bottleneck in the development of Web3 AI lies in the fact that there is currently nothing truly useful that can change lives.

First of all, the so-called "decentralized computing power" is more like a false proposition at this stage. Running some small language models on a decentralized network might be possible, but running truly meaningful large models like GPT-4 is completely unrealistic.

The true value of blockchain in the AI field lies in the "data layer", which is to protect users' data sovereignty and privacy. Every question you ask on ChatGPT is providing it with data, and you cannot prevent it from accessing your history. Blockchain, especially using ZK (zero-knowledge proof) technology, can perfectly solve this problem, allowing users to safely let AI use their data with authorization.

But the bottleneck is that ordinary users at this stage still do not realize how important their data privacy is. People are not yet aware of this.

Therefore, for the Web3 AI sector to迎来真正的热潮, I believe we must wait for a moment of "backward compatibility." In other words, we need to wait for a traditional AI giant, such as OpenAI or Google, to realize the importance of user data privacy due to a certain opportunity (like a large-scale data leak scandal) and actively embrace blockchain technology, providing users with data protection features. This trend must be led by traditional giants, rather than being driven from the bottom up by Web3 native projects. I believe this day should not be too far away.