시가 총액
24시간 볼륨
5963
암호화폐
42.37%
Bitcoin 공유

PAID Network exploiter nets $3 million in infinite mint attack

PAID Network exploiter nets $3 million in infinite mint attack


CoinTelegraph
2021-03-05 19:58:35

After an attack at one point worth nearly $180 million, community members are left wondering if the exploit is a "rugpull" or a security lapse. Paid Network, a DeFi platform aimed at real-world businesses, has been exploited today in an “infinite mint” attack that has sent PAID token prices plunging upwards of 85%.While the exploit netted nearly $180 million in PAID tokens at the time of the attack — what would have comfortably been the largest exploit of a DeFi protocol — the hacker’s payday will end up being far less. One observer noted that the attacker’s wallet only converted some of their tokens to wrapped ether, leaving the rest in rapidly-devaluing PAID tokens: Summary of $PAID incident:Total PAID swapped to WETH: 2079.603371141493 = $3,104,887.33Total PAID left in account: 594,717,455.71 = $24,313,147Total amount in attacker account = $27,418,034.33Stay Safe. pic.twitter.com/Lz93qGKAq0— vasa (@vasa_develop) March 5, 2021 The attacker’s wallet still has over 57 million PAID tokens worth $37 million. The exploit is conceptually similar to an attack on insurance protocol Cover that took place in late December last year. In that instance, the team took a “snapshot” of holders prior to the attack and issued a new token, returning the supply of the token to pre-exploit levels. The team confirmed on Twitter that they are currently planning for a snapshot and restoration:We are investigating the issue. We pulled liquidity, are creating a new smart contract, & will be restoring everyone's original balances to before the hack.Those with staked, Lpool & UniFarm $PAID will have their tokens be sent to them manually.We will share more updates soon— PAID NETWORK (@paid_network) March 5, 2021 However, token holders anxious for a resolution may be out of luck. Some in the community are speculating that the attack on PAID wasn’t an exploit at all, but instead a “rugpull” — a colloquial term for an insider designing contracts to specifically make them exploitable and swiping user funds. Nick Chong of Parafi Capital noted on Twitter that Paid’s deployer contract, an externally controlled account, transferred ownership of the deployer to the attacker shortly before the mint, indicating that a member of the team either rugpulled, or errantly allowed the attack to take place with a security lapse:Paid Network's deployer, an EOA, transferred ownership of a contract to the attacker 30 mins before the minthttps://t.co/h14GdV4fCf— Nick Chong (@n2ckchong) March 5, 2021 Additionally, a DeFi risk analysis account @WARONRUGS warned of exactly this exploit in late January, noting that the contract owner can mint PAID tokens at any time:❌ Scam Advisory #86- PAID Network $PAID (0x8c8687fC965593DFb2F0b4EAeFD55E9D8df348df)Reason: The owner can mint tokens and did mint tokens to fresh wallets who never bought the presale. Contract is behind a proxy.Likeliness of losing all funds: Very HighDYOR. #WARONRUGS❌ pic.twitter.com/YQunjpWuxY— #WARONRUGS❌ (@WARONRUGS) January 25, 2021 An on-chain note sent to the attacker has ominously warned that “the LAPD will be in contact with Kyle Chasse very shortly.” Kyle Chasse is the CEO of Paid Network.Paid Network did not respond to a request for comment by the time of publication. 


Coin Extrude Ecosystem
면책 조항 읽기 : 본 웹 사이트, 하이퍼 링크 사이트, 관련 응용 프로그램, 포럼, 블로그, 소셜 미디어 계정 및 기타 플랫폼 (이하 "사이트")에 제공된 모든 콘텐츠는 제 3 자 출처에서 구입 한 일반적인 정보 용입니다. 우리는 정확성과 업데이트 성을 포함하여 우리의 콘텐츠와 관련하여 어떠한 종류의 보증도하지 않습니다. 우리가 제공하는 컨텐츠의 어떤 부분도 금융 조언, 법률 자문 또는 기타 용도에 대한 귀하의 특정 신뢰를위한 다른 형태의 조언을 구성하지 않습니다. 당사 콘텐츠의 사용 또는 의존은 전적으로 귀하의 책임과 재량에 달려 있습니다. 당신은 그들에게 의존하기 전에 우리 자신의 연구를 수행하고, 검토하고, 분석하고, 검증해야합니다. 거래는 큰 손실로 이어질 수있는 매우 위험한 활동이므로 결정을 내리기 전에 재무 고문에게 문의하십시오. 본 사이트의 어떠한 콘텐츠도 모집 또는 제공을 목적으로하지 않습니다.