In Brief

  • PAID Network released a post mortem on its Mar. 5 hack.
  • A snapshot of the pre-hack state of the network will be taken and the network reset.
  • The network is under fire for lax security and a publicly known vulnerability.
  • promo

On Mar. 7, PAID Network released a post on Medium with a report on its Mar. 5 exploit.

What Happened

In the report, PAID founder Kyle Chassé states that the attacker utilized a compromised private key to take advantage of the smart contract upgrade function. “The attacker then proceeded to ‘upgrade’ to a new smart contract which had the ability to burn and re-mint tokens.”

The attacker proceeded to mint 59,471,745.571 PAID tokens and then began to sell them. Over 2.5 million PAID tokens were sold on Uniswap. The hacker gained over 2 million ETH before the team noticed the exploit and took measures.

The PAID team asked token holders to set aside their transactions. Industry experts were called in and the post-mortem began.

What’s next?

PAID will relaunch the token. As for the platform, the team plans upgrades. These include multisignature contracts and improved security and process audits. 

The token relaunch works from a snapshot of the token holdings at a moment just before the exploit began. Those tokens will be replaced. However, activity during the exploit is not covered, and the announcement does not go into what will happen to those who bought thinking that they were getting a good deal.

PAID Complaints

One issue with the PAID Network exploit is that the vulnerability that the hacker used was known. A tweet in January from #WARONRUGS pointed to the lack of multisignature contract control in particular.

Attack of the week

The frequency of attacks shows that hacker sophistication is improving faster than platform defense. On Feb. 27, Furucombo experienced a hack that lost it $15 million. CREAM Finance fell victim on Feb. 13, to the tune of $37.5 million.

Looking back into 2020, Akropolis had a hacker siphon off $2 million. Harvest Finance had $24 million in value taken last year. 

Sometimes, the amounts are not huge, at least not to those being scammed. In January, SushiSwap gained unwanted attention for a hack that let a specific trading pair on its platform lose $103,000. 

DeFi smart contracts and DEXs still need to secure their operations. Hacker sophistication is real, and any weakness will be exploited. Some hacks really are acts of malign genius, but others, such as the PAID Network event, are merely the result of lax security.

Top crypto projects in the US | November 2024
Coinrule Coinrule Explore
Coinbase Coinbase Explore
Uphold Uphold Explore
3Commas 3Commas Explore
Chain GPT Chain GPT Explore
Top crypto projects in the US | November 2024
Coinrule Coinrule Explore
Coinbase Coinbase Explore
Uphold Uphold Explore
3Commas 3Commas Explore
Chain GPT Chain GPT Explore
Top crypto projects in the US | November 2024

Disclaimer

In adherence to the Trust Project guidelines, BeInCrypto is committed to unbiased, transparent reporting. This news article aims to provide accurate, timely information. However, readers are advised to verify facts independently and consult with a professional before making any decisions based on this content. Please note that our Terms and ConditionsPrivacy Policy, and Disclaimers have been updated.

James-Hydzik.jpg
James Hydzik
James Hydzik is a finance and technology writer and editor based in Kyiv, Ukraine. He is especially interested in the development of regulation in the face of increasingly rapid technological change. He previously covered the CEE region for Financial Times banking and FDI magazines. An ardent believer in gut renovating eastern Europe one flat at a time, he currently holds more home renovation gear than crypto.
READ FULL BIO
Sponsored
Sponsored