Someone has exploited PAID Network, a decentralized finance (DeFi) app, via a vulnerability that allowed him to mint about $100 million worth of PAID tokens, and sold most of them.
The unknown person carried out the hack through the contract’s token minting feature, creating over 59.4 million PAID tokens worth $166 million at the time of the attack. The attacker then moved on to selling the fraudulently created tokens on Uniswap and successfully sold around 2.5 million PAID tokens for about 2000 ETH worth $3 million.
PAID Network is a DeFi cryptocurrency project that uses an Ethereum-based token. Network data indicates that the hacker obtained more than 2000 ETH after some of the 59.4 million minted PAID tokens were traded on the Uniswap decentralized exchange service.
Etherscan data shows that about 2.5 million PAID tokens were sold over the course of 13 transactions.
The culprit dumped the tokens on the Uniswap market, causing the price of PAID tokens to drop by 75% instantly. The flood of tokens into the market crashed the price of PAID tokens from $2.80 to $0.40. The hacker’s wallet address still contains more than 56 million PAID tokens worth about $24 million.
It is not clear whether a hacker or a team was responsible for the incident. PAID Network has had many successful audits, so it is strange to see a mint hack on the protocol. The attacker could have potentially accessed the private keys of the company’s team.
PAID Network has said that it is pulling liquidity from the vulnerable contract to prevent any further damage. The team also plans to create a new contract to restore token balances. Based on its tweet, PAID Network has promised to publish a comprehensive report regarding the hacking incident soon.
DeFi Hacks Raise Eyebrows
DeFi has become one of the fastest growing trends in the cryptocurrency industry. Funds locked in decentralized finance have grown exponentially, but companies offering such services have often become the victims of hacks. The boom of the DeFi market has been leveraged by criminal hackers and money launderers. DeFi protocols are permissionless by design, which means that they often lack clear regulatory compliance and that anyone in any nation is able to access them with little or no KYC information collected.
Consumers are advised to stay vigilant about the vulnerabilities, fraud, hacks, attacks, and manipulation risks being witnessed in DeFi projects. DEXes have no way of freezing funds like centralized exchanges do. This power lies with the individual DeFi projects themselves. But if companies don’t take proper steps to ensure the security of the smart contracts on which their DeFi projects rely, then DeFi will continue to suffer from the consequences of inadequate security and AML.