PAID Network Releases Exploit Post-Mortem

Share Article
In Brief
The Trust Project is an international consortium of news organizations building standards of transparency.

On Mar. 7, PAID Network released a post on Medium with a report on its Mar. 5 exploit.



What Happened

In the report, PAID founder Kyle Chassé states that the attacker utilized a compromised private key to take advantage of the smart contract upgrade function. “The attacker then proceeded to ‘upgrade’ to a new smart contract which had the ability to burn and re-mint tokens.”

The attacker proceeded to mint 59,471,745.571 PAID tokens and then began to sell them. Over 2.5 million PAID tokens were sold on Uniswap. The hacker gained over 2 million ETH before the team noticed the exploit and took measures.



The PAID team asked token holders to set aside their transactions. Industry experts were called in and the post-mortem began.

What’s next?

PAID will relaunch the token. As for the platform, the team plans upgrades. These include multisignature contracts and improved security and process audits. 

The token relaunch works from a snapshot of the token holdings at a moment just before the exploit began. Those tokens will be replaced. However, activity during the exploit is not covered, and the announcement does not go into what will happen to those who bought thinking that they were getting a good deal.

PAID Complaints

One issue with the PAID Network exploit is that the vulnerability that the hacker used was known. A tweet in January from #WARONRUGS pointed to the lack of multisignature contract control in particular.

Attack of the week

The frequency of attacks shows that hacker sophistication is improving faster than platform defense. On Feb. 27, Furucombo experienced a hack that lost it $15 million. CREAM Finance fell victim on Feb. 13, to the tune of $37.5 million.

Looking back into 2020, Akropolis had a hacker siphon off $2 million. Harvest Finance had $24 million in value taken last year. 

Sometimes, the amounts are not huge, at least not to those being scammed. In January, SushiSwap gained unwanted attention for a hack that let a specific trading pair on its platform lose $103,000. 

DeFi smart contracts and DEXs still need to secure their operations. Hacker sophistication is real, and any weakness will be exploited. Some hacks really are acts of malign genius, but others, such as the PAID Network event, are merely the result of lax security.


All the information contained on our website is published in good faith and for general information purposes only. Any action the reader takes upon the information found on our website is strictly at their own risk.
Share Article

Related topics

James Hydzik is a finance and technology writer and editor based in Kyiv, Ukraine. He is especially interested in the development of regulation in the face of increasingly rapid technological change. He previously covered the CEE region for Financial Times banking and FDI magazines. An ardent believer in gut renovating eastern Europe one flat at a time, he currently holds more home renovation gear than crypto.

Follow Author

Don’t get FUD! Win 1 ETH when you deposit $100 with Bybit!      


FOMO no more. Win 1 BTC when you trade $100 on Bybit!      


Bybit New Token Listing: Win In-Game NFTs and SIDUS Tokens.      

Win Now!