PAID Network Hacker Receives $3 Million In Infinite Mint Attack

Paid Network has been attacked via a vulnerability that allowed a hacker to create millions of new tokens.

March 6, 2021 | AtoZ Markets – The Paid Network, a DeFi platform targeting real-world businesses, was breached yesterday in an "infinite issuance" attack that has caused PAID token prices to drop by more than 85%.

Paid Network attacker dumped millions

While the incident generated nearly $180 million in PAID tokens at the time of the attack, which would have been the largest breach of a DeFi protocol, the hacker's loot will end up being much less. One observer noted that the attacker's wallet only converted some of its tokens to Wrapped Ether, leaving the rest to rapidly devaluing PAID tokens:

Multibank Review
Visit Site
eToro Review
Visit Site
4.8/5 Review
Visit Site

The attacker's wallet still has more than 57 million PAID tokens worth $37 million.

The incident is conceptually similar to an attack on the Cover protocol that took place in late December last year. In that case, the team took a "snapshot" of the holders before the attack and issued a new token, returning the supply of the token to pre-attack levels.

Read also: CREAM Finance DeFi Protocol Hacked, $37.5 Million Stolen

The team confirmed on Twitter that they are currently planning a snapshot and restore:

However, token holders eager for a resolution may be out of luck. Some in the community are speculating that the attack on PAID was not an exploit at all, but rather a "rugpull," a colloquial term for an insider who designs contracts to specifically make them vulnerable and steal user funds.

Nick Chong of Parafi Capital noted on Twitter that the deployment contract for Paid, an externally controlled account, transferred ownership of the deployer to the attacker shortly before the issuance of new tokes, indicating that a team member made the " rugpull "or allowed the attack to get in with a security flaw:

Furthermore, a DeFi risk analysis account @WARONRUGS warned of exactly this vulnerability in late January, noting that the contract owner can issue PAID tokens at any time:

An on-chain note sent to the attacker ominously warned that "the LAPD will be contacting Kyle Chasse very soon." Kyle Chasse is the CEO of Paid Network.

Think we missed something? Let us know in the comment section below.

Leave a Reply

Your email address will not be published. Required fields are marked *