
Port3 Network Hacked to Zero: PORT3 Crashes 82%, Team to Invalidate and Reissue the Token

Decentralized AI data network Port3 Network was exploited by a hacker who took advantage of a boundary condition validation vulnerability in the CATERC20 cross-chain token solution, illegally minting 1 billion PORT3 tokens and dumping them, causing the token price to flash crash by 82% within one hour. Port3 contacted CEXs to freeze suspicious token flows and is reissuing the token and deploying a new contract. The PORT3 token is now nearly worthless, and the official team will announce the asset snapshot time and operational guidelines.

CATERC20 Vulnerability Turns Decentralization Into a Fatal Backdoor

On November 23, local time, at around 2 PM, Port3 Network announced the cause of the hack on X, revealing how a seemingly secure cross-chain solution became a catastrophic vulnerability. PORT3 aimed to support development across multiple chains, so it adopted the CATERC20 cross-chain token solution from @nexa_network. In theory, this solution allows tokens to circulate between different blockchains, which is highly attractive for projects looking to establish a multichain ecosystem.

However, CATERC20 contained a boundary condition validation flaw: when token ownership is renounced, the relevant function returns a value of 0, which just happens to meet the owner verification condition. This design defect is extremely dangerous in the smart contract field because it incorrectly interprets the “no owner” state as “anyone can be the owner.”

Port3 Network stated that, in order to strengthen decentralization, they had proactively renounced contract admin rights, inadvertently leaving a backdoor for hackers. This decision aligns with the spirit of cryptocurrency—decentralized projects often renounce admin privileges at some stage to prove that the team cannot arbitrarily control token supply or contract functions. However, in the implementation of CATERC20, this good intention became a fatal weakness.

Even more concerning, this flaw was not uncovered in previous security audits, exposing the limitations of current blockchain security auditing. Many audit firms focus on checking common vulnerability patterns but may lack in-depth testing for boundary conditions of specific cross-chain solutions. As CATERC20 is a relatively niche cross-chain solution, its unique verification logic may not have been fully understood by the audit team.

CATERC20 Vulnerability Exploit Process

Step 1: Port3 renounces contract ownership for decentralization

Step 2: After ownership is renounced, the relevant function returns 0

Step 3: Hacker discovers 0 meets owner verification condition

Step 4: Hacker gains minting rights and illegally mints 1 billion PORT3

Step 5: Massive token dumping causes an 82% flash crash within 1 hour
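
The boundary condition in the steps above, as a simplified Python model added here for illustration; it is not CATERC20 or Port3 code. The class, the proof registry, the `0xTEAM` placeholder and the assumption that an unrecognised proof resolves to zero are hypothetical, chosen to show how a zero owner can satisfy an equality check and how a boundary test run before renouncing would flag it.

```python
ZERO_ADDRESS = "0x" + "0" * 40  # value owner() reports once ownership is renounced

class Unauthorized(Exception): pass

class ModelToken:
    """Constructed model of an ownable, mintable token; not CATERC20 source."""

    def __init__(self, owner, signers, reject_zero):
        self._owner = owner
        self._signers = dict(signers)    # proof -> address it authenticates
        self._reject_zero = reject_zero  # True selects the hardened check
        self.total_supply = 0

    def owner(self):
        return self._owner

    def renounce_ownership(self):
        self._owner = ZERO_ADDRESS

    def _authority(self, proof):
        # Assumption: an unrecognised proof resolves to zero instead of failing.
        return self._signers.get(proof, ZERO_ADDRESS)

    def _is_owner(self, proof):
        authority = self._authority(proof)
        if self._reject_zero and ZERO_ADDRESS in (authority, self.owner()):
            return False  # "no owner" and "no signer" never authorise anything
        return authority == self.owner()  # flawed path: 0 == 0 after renouncing

    def mint(self, amount, proof):
        if not self._is_owner(proof):
            raise Unauthorized("caller is not the owner")
        self.total_supply += amount

def mint_allowed(token, proof, amount=1_000_000_000):
    """Return True if mint() accepts the proof, False if it is rejected."""
    try:
        token.mint(amount, proof)
        return True
    except Unauthorized:
        return False

def boundary_report(reject_zero):
    """Probe the owner check with a bogus proof before and after renouncing."""
    token = ModelToken("0xTEAM", {"team-proof": "0xTEAM"}, reject_zero)
    before = mint_allowed(token, "bogus")
    token.renounce_ownership()
    after = mint_allowed(token, "bogus")
    return {"before_renounce": before, "after_renounce": after}
```

In this model the flawed check behaves correctly until ownership is renounced, which is why a test suite that never exercises the renounced state reports nothing wrong.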

82% Flash Crash in 1 Hour, Exchanges Suspend Deposits & Withdrawals

[Figure: PORT3 Flash Crash (Source: CoinMarketCap)]

The illegally minted 1 billion PORT3 tokens had a devastating impact on the market. Within just one hour, the PORT3 token price flash crashed by as much as 82%, a rate of decline rarely seen even in the cryptocurrency market. Typically, even major negative news takes hours or even days for the market to fully digest. But when a large number of zero-cost tokens suddenly flood the market, the sell pressure is immediate and overwhelming.

After the incident, Port3 Network stated it had contacted centralized exchanges to freeze suspicious token flows. Major exchanges responded quickly, suspending PORT3 deposits and withdrawals. This emergency measure was intended to prevent the hacker from transferring illegally obtained tokens onto exchanges for liquidation, while also protecting users who held PORT3 on exchanges from further losses.

However, trading on decentralized exchanges (DEXs) cannot be stopped, which is one of the reasons the token price could collapse so rapidly. The hacker likely dumped large volumes on DEXs, and ordinary investors suffered significant losses before realizing something was amiss. On-chain data shows that much of the trading occurred on decentralized platforms like Uniswap, and these transactions cannot be reversed or frozen.

The PORT3 token has now dropped almost to zero and is virtually worthless compared with its pre-attack price. For investors holding PORT3, this is a disaster. Those who bought in before the attack or were long-term holders have seen their investments almost entirely wiped out. This is why the official decision to reissue the token has become the only viable solution.

Official Decision: Token Reissue and Contract Relaunch to Restart Ecosystem

Faced with the reality of the token going to zero, Port3 Network made a major decision: to fix the issue by reissuing the token and deploying a new contract. This means the current PORT3 token will be officially declared void, and a new token will replace it. The official team will announce the asset snapshot time and operational guidelines, allowing users to exchange old tokens for new ones at a set ratio.

This kind of “restart” strategy is not without precedent in cryptocurrency history. After The DAO hack in 2016, the Ethereum community voted to hard fork and roll back the stolen transactions, resulting in today’s Ethereum (ETH) and Ethereum Classic (ETC). However, Port3 Network’s case is different—this is not a chain-wide fork, but rather the reissuance of a single project token.

Issuing the new token involves several key issues. First is the selection of the snapshot time. The team needs to determine a time point before the attack to record all holders’ balances as the basis for new token distribution. This time point is critical—too early and it might miss legitimate pre-attack transactions, too late and it might include hacker-manipulated transactions.

Second is the exchange ratio. The fairest approach is a 1:1 swap, meaning users holding 1 old PORT3 will receive 1 new token. However, since some users may have bought in at extremely low prices during the attack (attempting to catch the bottom), the team may need to design a more complex distribution mechanism to balance various interests.

Third is the security of the new contract. This attack originated from the flaw in the CATERC20 solution, so the new token may need to use a different technical approach. Port3 Network might abandon CATERC20 and instead use a more mature cross-chain bridge solution, or simply focus on single-chain deployment until the technology is fully mature before considering multichain expansion.

The team also reminds users not to click on unofficial links during the token swap period to avoid phishing scams. This warning is extremely important. Whenever a major security incident occurs, scammers often take the opportunity to send phishing emails or create fake swap websites to trick users into providing their private keys or seed phrases. Users must trust only information from the official Twitter, website, and announcement channels.

Port3 Network’s Future Challenges and Rebuilding Community Trust

This attack has caused damage to Port3 Network not only economically but also in terms of trust. Investors and users may question: If the team failed to identify the CATERC20 flaw the first time, how can they guarantee the new token won’t have similar issues? Since the security audit failed to detect the vulnerability, how trustworthy will the new token’s audit be?

Port3 Network needs to take multiple steps to rebuild trust. First is to publish a transparent incident investigation report, detailing the technical specifics of the vulnerability, the hacker’s attack methods, and the team’s response process. Second is to hire several top security firms to independently audit the new contract and make the audit reports public. Third is to set up a bug bounty program to encourage white hat hackers to proactively find potential issues.

From a broader perspective, this incident also provides a lesson for the entire crypto industry. While decentralization is a core principle, admin rights should only be renounced after contracts have been thoroughly tested and proven to be free of boundary condition vulnerabilities. Cross-chain solutions can certainly expand ecosystems, but when introducing third-party technology, it is imperative to conduct in-depth technical due diligence.
