Hacker Performs $3 Million Attack On Paid Network
The DeFi platform has been exploited via a bug that allowed an attacker to mint tokens.
Share this article
The DeFi protocol Paid Network has been exploited via a vulnerability that allowed an attacker to create millions of new tokens.
Millions Dumped By Hacker
On Mar. 5, an unknown hacker exploited Paid Network’s smart contract and created over 59.4 million PAID tokens worth $166 million at the attack time.
“The attacker used a compromised private key to the original contract deployer to leverage the smart contract’s upgrade function. The attacker then proceeded to ‘upgrade’ to a new smart contract that had the ability to burn and re-mint tokens,” the team said.
Soon, the hacker moved on to selling the illicitly-created 2,501,203 $PAID tokens on Uniswap for 2,040.4339 ETH (about $3 million at the time).
The flood of new tokens into the market, as well as intense selling from the hacker, instantly crashed the PAID token price from $2.80 to $0.30 (at the time of publishing).
Updates On the Way
Even though the team has denied an inside job, critics in the community have speculated the attack could be a “rug pull.”
Paid Network has announced that it is pulling liquidity from the vulnerable smart contract to prevent further damage. The team is also planning to create a new contract to restore token balances.
Update: On Mar 7, the Paid Network team published a detailed post-mortem report.