Paid Network, a DeFi platform aimed at real-world businesses, has been exploited today in an "infinite mint" attack that has sent PAID token prices plunging upwards of 85%.

While the exploit netted nearly $180 million in PAID tokens at the fourth dimension of the attack — what would take comfortably been the largest exploit of a DeFi protocol — the hacker's payday will stop upwardly being far less. One observer noted that the attacker's wallet only converted some of their tokens to wrapped ether, leaving the residue in rapidly-devaluing PAID tokens:

The aggressor's wallet still has over 57 million PAID tokens worth $37 meg.

The exploit is conceptually similar to an attack on insurance protocol Cover that took place in late December last yr. In that instance, the team took a "snapshot" of holders prior to the set on and issued a new token, returning the supply of the token to pre-exploit levels.

The team confirmed on Twitter that they are currently planning for a snapshot and restoration:

Nevertheless, token holders anxious for a resolution may be out of luck. Some in the community are speculating that the set on on PAID wasn't an exploit at all, but instead a "rugpull" — a colloquial term for an insider designing contracts to specifically make them exploitable and swiping user funds.

Nick Chong of Parafi Majuscule noted on Twitter that Paid'due south deployer contract, an externally controlled business relationship, transferred ownership of the deployer to the attacker presently before the mint, indicating that a member of the team either rugpulled, or errantly allowed the assail to take place with a security lapse:

Additionally, a DeFi risk analysis account @WARONRUGS warned of exactly this exploit in late January, noting that the contract possessor can mint PAID tokens at whatsoever time:

An on-chain note sent to the attacker has ominously warned that "the LAPD will be in contact with Kyle Chasse very shortly." Kyle Chasse is the CEO of Paid Network.

Paid Network did non respond to a request for comment past the time of publication.