Should we ensure user funds are secure first? Or should we first inform the hacker that we’re going to start recovering the stolen funds? Pundi AI, which quietly recovered over 80% of its funds, spent five years cultivating its operations in South Korea, and paid over a million dollars out of its own pocket in full compensation, ultimately couldn’t escape DAXA’s “transparency first” red line and will be delisted. What plans does the project have for the future?
Interview: Tong, PANews
Editor: Yuliya, PANews
On July 12th, an unexpected hacker attack led to an additional 1 million Pundi AI tokens being minted in just a few minutes. Faced with this crisis, the team chose to freeze, track, and recover the assets first, and to disclose the information publicly as soon as the funds were safe. Ultimately, they recovered or froze nearly 90% of the stolen funds and paid over one million US dollars in full compensation to users. The vulnerability in the ERC1967Proxy contract exploited by the hacker has already affected multiple projects in the industry. Nevertheless, Pundi AI was notified by the Korea Digital Asset Exchange Association (DAXA), a group of five major exchanges including Upbit and Bithumb, that it would be delisted from Korean exchanges due to “untimely disclosure of information.”
To help readers better understand the context of events, the following is a key timeline review.
March 2 — Function X announced its rebranding to PUNDIAI and the token swap to PUNDI. By then, the hacker was already lurking in the contract, still undetected.
July 12 — The hacker launched the attack, minting an additional 1 million tokens. Transfers were frozen and tracking began the same day. That evening, the CEO announced to the community that the contract had encountered a vulnerability and described the measures being taken to address it.
July 14 — The team fully disclosed the attack investigation results and solutions to the exchanges and initiated communication with DAXA.
July 28 — Upbit and Bithumb announced they would delist PundiAI on August 28, citing “delayed information disclosure.”
July 31 — Official announcement: Over 80% of assets recovered, full user compensation completed within 11 days.
In this exclusive interview, PANews spoke with Pundi AI co-founder Danny Lim, who thoroughly reviewed the entire incident, offering security warnings to other projects in the industry undergoing token migrations and operational guidelines for projects listed on regulated Korean exchanges. He also discussed Pundi AI’s product portfolio in the AI data field from an industry perspective, as well as his thoughts on the current development of the Web3 AI sector.
In addition, he posed a dilemma: In the battle of wits and courage with hackers, should one prioritize user fund security without alerting the hackers? Or prioritize transparency and disclose information immediately, potentially allowing hackers to accelerate fund transfers and increase the amount of damage? This time, Pundi AI chose the former, but also paid the price for its “flawed” transparency.
A blessing in disguise. Danny joked that being delisted from a compliant exchange actually unlocked the project’s development. In the past, tokens could not be bought back or burned at will without the exchange’s approval; now the team can use token economics more flexibly to give back to the community. Pundi AI will also buy back tokens and airdrop them to users, “thanking them for standing with us in times of crisis.”
Theft, Delisting, and Tough Decisions
PANews: I recently saw an announcement that the Korea Digital Asset Exchange Association (DAXA) has ordered its members to delist Pundi tokens. The reason for this is that Pundi AI’s tokens were stolen during the token migration process and not disclosed promptly. Can you elaborate on the details of what happened?
Danny: The security incident occurred around 2:20 PM on July 12th. Our system issued an alert around 2:40 PM, indicating an abnormal minting of approximately 1 million PUNDI tokens. We initially thought it was a bug in the contract, as it happened to be a Saturday, so we urgently contacted our technical team to investigate. By 5:00 PM, we confirmed this wasn’t a bug, but an attack. We immediately contacted all major exchanges and requested they suspend PUNDIAI deposits and withdrawals.
The entire attack was incredibly sophisticated. The hacker exploited a vulnerability in our token migration contract. During our February contract deployment, the hacker submitted a transaction with a higher gas fee within the same block, preemptively gaining access to our contract’s administrator privileges (admin key). This technique was incredibly precise, requiring precise calculation of the timing and block of our transaction.
PANews: How many protocols could potentially be impacted by this security vulnerability? Have you taken steps to alert other institutions?
Danny: This was a very subtle vulnerability. We completed the token swap in February, and it wasn’t exposed until the attack in July. We’ve also recently seen several projects on Basechain and Ethereum being attacked using similar tactics over the past three or four weeks. Hackers are very patient, often lurking for months, waiting for the market to recover and projects to gain popularity before striking. Therefore, by publicly sharing the details of this incident, we can serve as a lesson for all our peers, especially those planning token migrations or contract upgrades. They must be mindful of the potential security risks of these “front-running” attacks.
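The deployment pattern Danny describes above, where a proxy’s initializer is sent as a separate transaction after deployment and can therefore be front-run within the same block, is illustrated below with an added editor’s example. This is not Pundi AI’s code; the contract names are hypothetical, and it assumes OpenZeppelin’s ERC1967Proxy and Initializable, showing the racy form beside the hardened form in which initialization happens inside the proxy’s constructor so that no separate transaction exists to race.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// OpenZeppelin imports are real packages; the contract names below are hypothetical.
import {ERC1967Proxy} from "@openzeppelin/contracts/proxy/ERC1967/ERC1967Proxy.sol";
import {Initializable} from "@openzeppelin/contracts-upgradeable/proxy/utils/Initializable.sol";

/// Minimal upgradeable token implementation that lives behind an ERC1967 proxy.
contract MigrationToken is Initializable {
    address public admin;
    mapping(address => uint256) public balanceOf;

    /// The implementation contract itself must never be initialized directly.
    constructor() {
        _disableInitializers();
    }

    /// Runs exactly once in the proxy's storage. Whoever gets this call mined
    /// first becomes admin, which is why it must not be deferred to a later tx.
    function initialize(address admin_) external initializer {
        admin = admin_;
    }

    function mint(address to, uint256 amount) external {
        require(msg.sender == admin, "not admin");
        balanceOf[to] += amount;
    }
}

contract Deployer {
    /// WEAK: the proxy is created with empty init data, and initialize() is
    /// expected to arrive as a second transaction. Until it does, the proxy
    /// sits uninitialized and any transaction ordered ahead of the team's own
    /// can claim the admin role.
    function deployRacy() external returns (address) {
        MigrationToken impl = new MigrationToken();
        // initialize(msg.sender) would be sent separately, after this returns.
        return address(new ERC1967Proxy(address(impl), ""));
    }

    /// HARDENED: init calldata is passed to the proxy constructor, which
    /// delegatecalls it during deployment. Creation and initialization form one
    /// atomic transaction, so there is no uninitialized state to front-run.
    function deployAtomic(address admin) external returns (address) {
        MigrationToken impl = new MigrationToken();
        bytes memory initData = abi.encodeCall(MigrationToken.initialize, (admin));
        return address(new ERC1967Proxy(address(impl), initData));
    }
}
```

For a proxy that is already live, a practical check before routing a migration to it is to confirm that the initializer executed within the proxy’s creation transaction and that the stored admin equals the intended address.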
PANews: What measures did you take after discovering the theft, and were they disclosed to the community?
Danny: Considering that the hacker didn’t immediately sell all the newly issued tokens, but rather liquidated them slowly, we believe the hacker may not have been aware of our discovery of the theft. To maximize the chance of recovering the assets, we made the difficult decision to quietly track and freeze the assets without alerting the attacker. After securing the assets, we announced on Twitter on the evening of July 12th that we had encountered a contract issue and publicly shared our solution.
This strategy was remarkably effective. We successfully intercepted approximately 95% of the stolen assets on both Ethereum and our own mainnet, F(x)Core. The primary losses occurred on the BSC chain because we connect to it via the Axelar cross-chain bridge, and during the weekend, there were delays in the response from third-party service providers. For users who suffered losses from the market crash on PancakeSwap and our own DEX, we repurchased their assets at fair prices to ensure they suffered no losses.
Overall, this attack resulted in the issuance of over $6 million worth of tokens at the time. Through freezing and recovery efforts, we were able to recover approximately 87% of these assets. Ultimately, we decided to shoulder the nearly $2 million loss ourselves.
PANews: The theft only affected tokens. Does this have any impact on the product?
Danny: A little. We have a cross-chain bridge connecting Ethereum, BSC, and F(x)Core. To prevent similar incidents from happening again, we upgraded the token contract. This impacted the cross-chain bridge’s functionality to some extent, but the overall product is fine and hasn’t been significantly impacted.
PANews: Have you communicated with DAXA? Do you think this direct delisting was inappropriate, or what lessons have we learned?
Danny: We had extensive communication with DAXA. They sent us an email on July 14th, and we responded three or four times. Throughout the entire communication process, they didn’t seem to blame us, nor did they make any specific rectification requests. Instead, they kept asking for technical details, solutions, and user compensation. So, at the time, we felt the problem wasn’t serious. We figured we’d recovered most of the funds, compensated all users for their losses, and covered our own losses, so we should be able to get through it. But unexpectedly, we received the delisting notice this Monday. DAXA didn’t provide a specific reason. According to the exchange’s announcement, the delisting was due to “untimely disclosure,” leaving us no room for explanation or recourse.
From our perspective, we’re of course disappointed, and even a little heartbroken. We’re a team that truly gets things done. After the hack, we spent our own money to compensate users for their losses and did our best to recover assets. But this was the outcome we ultimately faced. This is especially true compared to the recent GMX hack, after which GMX emerged unscathed while we were delisted.
From DAXA’s perspective, they uphold the principles of transparency and openness across the market, and their actions are understandable. We did have procedural flaws.
The biggest lesson is that in the Korean market, timely information and transparency are paramount. This is a painful lesson; we failed to strike the right balance between quietly recovering assets and promptly disclosing them. We hope this serves as a warning to all projects listing or planning to list in South Korea.
PANews: Could delisting from an exchange impact your reputation?
Danny: Yes, that’s what we’re most worried about. The trading losses caused by the delisting itself are secondary; the more painful thing is the damage to our reputation. Many people don’t delve into the underlying reasons. They simply see “Pundi AI was delisted by DAXA” and label us a “bad company” or a “scam.” This causes our years of hard work and reputation to be misunderstood.
The Korean Market’s Difficulties and Future Plans
PANews: When did Pundi AI go public on a Korean exchange? How many users have you accumulated in the Korean market?
Danny: We’ve been in the Korean market for a long time. Our predecessor, Function X (FX), was listed on Bithumb in 2019 and on Upbit in 2020. We’ve been working in South Korea for five or six years and have at least 200,000 to 300,000 users, possibly even over 400,000.
PANews: There’s a significant kimchi premium in South Korea right now, especially in some altcoin markets. What are your observations on the Korean market? Will you consider relisting on a South Korean exchange?
Danny: The South Korean market is quite unique. Users rely heavily on CEXs for trading, and generally aren’t very receptive to DeFi or on-chain operations. Approximately 80% of our trading volume and 70% of our tradable tokens are on South Korean CEXs. Therefore, this delisting has a significant impact on our liquidity.
As for relisting, we consulted a lot, and the feedback we received was that it would be extremely difficult. DAXA’s decisions are authoritative in South Korea, and once made, they are difficult to reverse in the short term. However, we are still actively communicating with DAXA and major exchanges, hoping to gain their trust and re-enter the Korean market.
But one thing is very comforting and touching. After the delisting announcement, our token price didn’t plummet like other projects, but remained largely stable. This demonstrates that our community and our token holders still believe in us. This is also the most heartbreaking part for us. On the one hand, we feel we cannot betray this trust, but on the other hand, we are frustrated by our inability to provide them with convenient trading channels.
PANews: Do you have any future plans for the community?
Danny: We currently have three core initiatives.
First, since the path of centralized exchanges in South Korea is currently difficult, we will increase our investment in on-chain, decentralized exchanges. We will invest our own capital to build deeper capital pools on platforms like PancakeSwap and Uniswap to provide users with ample liquidity.
Second, we will vigorously promote our new AI data products. We believe that high-quality products are the core driving force behind project development.
Third, we will launch a token buyback and airdrop program. To be honest, listing on a compliant centralized exchange in South Korea used to be restrictive. You couldn’t buy back or burn tokens at will; you needed their permission. Now, we’ve “taken the lid off,” allowing us to more flexibly utilize token economics to give back to the community. We will buy back tokens and airdrop them to our supporters, thanking them for standing with us in times of crisis.
…
Danny: Actually, our new product, Data Pump, was already ready and soft-launched on July 10th. Coincidentally, we were attacked on the 12th, so we didn’t have time to promote it at all.
Data Pump can be thought of as a “launchpad for AI datasets.” This product incorporates a mechanism similar to Pump.fun, but the underlying assets are datasets rather than meme tokens. It aims to tokenize data (DataFi). Users can package various content data (tweets, audio, video, etc.) into NFTs. They can then stake these NFTs on our platform to generate corresponding tokens and directly trade them on DEXs like PancakeSwap. Going forward, our focus will be on promoting and operating this product.
PANews: In the past two years, AI has become a key area of focus for Web3. Also in the AI data space, what differentiates Pundi AI’s products from those of other companies like Sahara and Openledger?
Danny: First, at the data level, many projects focus on general data annotation, with users primarily seeking to “take advantage of airdrops.” This data has limited commercial value. From the outset, we’ve focused on specialized niche areas, such as medical imaging (cardiovascular disease identification), autonomous driving (high-precision obstacle delineation), and legal documents. We recruit medical students from universities in Indonesia to perform the annotation, ensuring the professionalism and high quality of the data. Although we only have tens of thousands of annotation users, with fewer than 1,000 active, the quality is very high.
Secondly, we’ve gone a step further and developed an AI AMM (Automated Market Maker). Users simply deposit LP tokens, and transactions automatically begin on-chain. This enables the assetization and monetization of data.
Finally, we possess a vast data base. We currently maintain a petabyte (approximately 1024 TB) of data on-chain, arguably one of the largest data stores in the Web3 space.
PANews: Since the end of the FOMO rally for AI Agents at the beginning of this year, the AI sector has been consolidating at a low level. What do you think are the bottlenecks in the development of Web3 AI? Is there hope for a return to the enthusiasm of the beginning of the year?
Danny: Personally, I believe the bottleneck in the development of Web3 AI lies in the lack of truly useful, life-changing products.
First, the so-called “decentralized computing power” is more of a false proposition at this stage. Using a decentralized network to run small language models might be feasible, but running truly meaningful large models like GPT-4 is completely unrealistic.
The true value of blockchain in AI lies in the “data layer,” protecting user data sovereignty and privacy. Every question you ask on ChatGPT provides data, and you can’t prevent it from accessing your history. Blockchain, particularly using ZK (zero-knowledge proof) technology, can perfectly solve this problem, allowing users to securely allow AI to access their data with authorization.
However, the bottleneck lies in the fact that, currently, ordinary users haven’t yet realized the importance of their data privacy. People simply don’t have this awareness.
Therefore, I believe that for the Web3 AI sector to truly flourish, we must wait for a moment of “backward compatibility.” In other words, we have to wait for a traditional AI giant, such as OpenAI or Google, to realize the importance of user data privacy due to a certain opportunity (such as a large-scale data leak scandal) and actively embrace blockchain technology to provide users with data protection features. This trend will definitely be led by traditional giants, rather than driven from the bottom up by native Web3 projects. I believe this day is not far off.