PAID Network exploiter nets $3 million in infinite mint attack
PAID Network exploiter nets $3 one thousand thousand in infinite mint assault
After an set on at ane point worth most $180 million, community members are left wondering if the exploit is a "rugpull" or a security lapse.
22404 Total views
36 Full shares
Paid Network, a DeFi platform aimed at real-world businesses, has been exploited today in an "infinite mint" attack that has sent PAID token prices plunging upwards of 85%.
While the exploit netted nearly $180 million in PAID tokens at the fourth dimension of the attack — what would take comfortably been the largest exploit of a DeFi protocol — the hacker's payday will stop upwardly being far less. One observer noted that the attacker's wallet only converted some of their tokens to wrapped ether, leaving the residue in rapidly-devaluing PAID tokens:
— vasa (@vasa_develop) March 5, 2021Summary of $PAID incident:
Total PAID swapped to WETH: 2079.603371141493
= $3,104,887.33Total PAID left in account: 594,717,455.71
= $24,313,147Total amount in attacker business relationship = $27,418,034.33
Stay Condom. motion-picture show.twitter.com/Lz93qGKAq0
The aggressor's wallet still has over 57 million PAID tokens worth $37 meg.
The exploit is conceptually similar to an attack on insurance protocol Cover that took place in late December last yr. In that instance, the team took a "snapshot" of holders prior to the set on and issued a new token, returning the supply of the token to pre-exploit levels.
The team confirmed on Twitter that they are currently planning for a snapshot and restoration:
— PAID NETWORK (@paid_network) March 5, 2021We are investigating the issue. Nosotros pulled liquidity, are creating a new smart contract, & volition be restoring everyone'southward original balances to before the hack.
Those with staked, Lpool & UniFarm $PAID will have their tokens exist sent to them manually.
Nosotros will share more updates soon
Nevertheless, token holders anxious for a resolution may be out of luck. Some in the community are speculating that the set on on PAID wasn't an exploit at all, but instead a "rugpull" — a colloquial term for an insider designing contracts to specifically make them exploitable and swiping user funds.
Nick Chong of Parafi Majuscule noted on Twitter that Paid'due south deployer contract, an externally controlled business relationship, transferred ownership of the deployer to the attacker presently before the mint, indicating that a member of the team either rugpulled, or errantly allowed the assail to take place with a security lapse:
Paid Network's deployer, an EOA, transferred ownership of a contract to the attacker 30 mins before the minthttps://t.co/h14GdV4fCf
— Nick Chong (@n2ckchong) March five, 2021
Additionally, a DeFi risk analysis account @WARONRUGS warned of exactly this exploit in late January, noting that the contract possessor can mint PAID tokens at whatsoever time:
— #WARONRUGS❌ (@WARONRUGS) January 25, 2021❌ Scam Advisory #86- PAID Network $PAID (0x8c8687fC965593DFb2F0b4EAeFD55E9D8df348df)
Reason: The owner can mint tokens and did mint tokens to fresh wallets who never bought the presale. Contract is behind a proxy.
Likeliness of losing all funds: Very High
DYOR. #WARONRUGS❌ pic.twitter.com/YQunjpWuxY
An on-chain note sent to the attacker has ominously warned that "the LAPD will be in contact with Kyle Chasse very shortly." Kyle Chasse is the CEO of Paid Network.
Paid Network did non respond to a request for comment past the time of publication.
Source: https://cointelegraph.com/news/paid-network-exploiter-nets-3-million-in-infinite-mint-attack
Posted by: mantoothtionce.blogspot.com
0 Response to "PAID Network exploiter nets $3 million in infinite mint attack"
Post a Comment