Although crypto hacks have been prominent since the emergence of the blockchain industry, blockchain security firms are working hard to bring security and transparency to the sector. This time, BlockSec, a smart-contract auditing firm dedicated to building a security infrastructure, has. stopped A hacker stole $5 million in crypto funds at ParaSpace.
ParaSpace is a decentralized lending protocol that allows users to lend or borrow various crypto assets on the Ethereum blockchain. In addition to the platform enabling users to earn interest on NFTs or other assets, ParaSpace also lets users use borrowed funds as collateral.
The Risk This smart contract’s borrowing protocol enabled the hacker to borrow assets with fewer NFTs than needed as collateral, allowing the attacker to circumvent the liquidity protocol. Fortunately, the exploiter failed on its first attempt to execute the transaction due to insufficient gas charges. Meanwhile, smart-contract auditing platform BlockSec discovered the hack and modified the protocol in time to prevent the hacker from removing the crypto assets.
Abirah Hashim, an Associate Editor PrivacySavvy, a trusted cyber security website, launched an alert Reached as a group of crypto publishers.
“Although it’s great that BlockSeq successfully prevented this attack, it’s important to note that vulnerabilities in security systems may still exist. As cyber attackers continue to develop and develop new methods, it’s important for companies to regularly evaluate their security measures to stay ahead of potential threats. And updating is important.”
ParaSpace ceased operations after the hack
To comment on the event, ParaSpace Tweeted;
with us @BlockSecTeam We are pleased to share that ParaSpace has identified the cause of the prior exploit in the protocol, and that all user funds and assets at ParaSpace are safe and secure. No NFTs were compromised and the financial loss in the protocol is minimal.
Paraspace further noted that the platform had halted all operations until the vulnerabilities identified through the exploit were fixed. In other words, no transactions, withdrawals, or deposits can proceed because the smart contract team is currently “fixing identified vulnerabilities.”
Lei Wu, Co-Founder and CTO at BlockSec, highlighted That the internal security function automatically monitors the transactions linked to the hack. He said that the security function has the ability to prevent hacking in real time.
The NFT lending protocol said the smart contract suffered a loss of 50-150 Ethereum due to the exploit “swapping between tokens during the exploit.” But ParaSpace will allocate these funds from its own pocket to the smart-contract. is lost
Interestingly, the hacker left an on-chain message after failing to steal the money, asking Blocksec to refund some of the gas fees he spent hacking ParaSpace. he wrote:
I couldn’t get it to work due to a silly gas estimation error. Since I lost a lot of money doing this, it would be nice to at least get some back… Good luck,
It’s not the first time BlockSec has saved funds from cybercriminals. The security firm recently saved $2.4 million Platypus finance exploiters In February 2022. In April 2022, it stopped Hackers stole $3.8 million from Saddle Finance.
Featured image from Pixabay and chart from TradingView.com