In recent news, the cybersecurity firm BlockSec has prevented a hacker from stealing 5 million USD worth of cryptocurrency from the NFT lending project, Paraspace. The incident happened on March 17th when the hacker attempted to attack the Paraspace platform, taking advantage of the low gas fee at the time.
Fortunately, BlockSec, known for auditing smart contracts, was able to detect and block the attack, preventing the hacker from accessing 2,900 ETH (5 million USD) that was at risk of being stolen from Paraspace. After being notified by BlockSec, Paraspace immediately suspended its lending protocol to investigate the issue. The project has assured its users that all NFTs sent to the platform are safe.
1/ There is a flawed logic in borrow() of the ParaProxy contract (0x638a) of @ParaSpace_NFT . The attacker can borrow more tokens as his scaledBalance will be enlarged by depositing into the position of the proxy (0xC5c9), i.e., specifying the _recipient of depositApeCoin(). https://t.co/Z4e1QOpLg3 pic.twitter.com/fkd96nAPHb
— BlockSec (@BlockSecTeam) March 17, 2023
BlockSec revealed that the security breach was due to a vulnerability in Paraspace’s lending contracts, which allowed the attacker to easily borrow tokens with very little collateral, thus draining the platform’s liquidity. Lei Wu, the co-founder and CTO of BlockSec, said that the company was able to thwart the hack with its real-time internal incident detection system.
We noticed a suspicious transaction, and as a security measure, we have paused the entire ParaSpace protocol.
Currently, no transactions (withdrawals, deposits, liquidations) can take place with our contracts.
We are currently investigating and will provide you with an update… https://t.co/3vrIciVF5C
— ParaSpace (@ParaSpace_NFT) March 17, 2023
Interestingly, the hacker sent an on-chain message to BlockSec, requesting the return of a gas fee of about 0.7 ETH that was spent in the attempt to attack Paraspace. The message read, “I cannot complete the transaction due to a stupid gas calculation error. I lost a lot of money on this, it would be great if I could get some of it back…good luck.”
It is worth noting that this is not the first time BlockSec has sounded the alarm or protected projects from hackers. In April 2022, the company rescued 3.8 million USD from the hacker of Saddle Finance and successfully recovered 2.4 million USD from the attacker of Platypus Finance.
The incident highlights the importance of having strong cybersecurity measures in place for cryptocurrency projects. With the increasing popularity and value of NFTs, it is crucial for companies to prioritize the security of their platforms to protect their users’ assets. Thanks to BlockSec’s vigilance and expertise, Paraspace was able to avoid a major financial loss and prevent a potentially devastating impact on its users.
Read more:
- $1 Billion Class-Action Suit Filed Against “FTX Influencers” For Alleged Fraudulent Promotion
- FTX Founders And Executives Received $3.2 Billion From Alameda Research, As Revealed In Bankruptcy Filing