Paid Network, a crypto project that employs an Ethereum-based token, has experienced a contract exploit, appearing in the minting of approximately $160 million worth of tokens by the attacker. On Mar. 5, at around 18:10 UTC, an anonymous hacker employed a token minting function and developed over 59.4 million PAID tokens worth $166 million at the attack time. Quickly, the hacker transitioned on to trading the illicitly-created tokens on Uniswap. He triumphantly sold around 2.5 million PAID tokens for almost 2000 ETH, equal to $3 million.
PAID tokens drops after the occurrence of exploit
The flood of new tokens into the market immediately plunged the PAID token price from $2.80 to $0.40. The attacker’s wallet yet has above 57 million PAID tokens worth $37 million. The exploit was conceptually equivalent to an attack on insurance protocol cover in late December last year. In that case, the team took a “snapshot” of holders before the attack and assigned a new token, returning the token supply to pre-exploit levels.
After the exploit, Paid Network has declared that it is pulling liquidity from the vulnerable contract. The team also intends to develop a new smart contract to restore token balances. Paid Network has assured that it will publish a detailed report on the hack soon, in a tweet. The development team has rejected an “inside job,” but critics in the community have speculated that a founder may have carried the attack. To support that blame, they claim that specific addresses can only call some functions.
Furthermore, Nick Chong of Parafi Capital posted on Twitter that Paid’s deployer contract, an externally controlled account, assigned the deployer’s ownership to the attacker quickly before the mint. It indicates that a team member either rug pulled or errantly enabled the attack to occur with a security error. Additionally, a DeFi risk analysis account @WARONRUGS cautioned of precisely this exploit in late January, writing that the contract owner can devise PAID tokens at any time.
Follow BitcoinWorld for the latest updates.