According to various reports on March 17, cryptocurrency and NFT staking platform ParaSpace experienced an exploit attempt that put $5 million at risk.
ParaSpace Confirms Vulnerability
ParaSpace acknowledged the attack on the contract earlier in the day.It suspended that protocol and later said it was Discover the cause of exploits.
The project further stated that all user funds, including NFTs, are safe.ParaSpace lost between 50 and 150 ETH (less than $270,000) due to price drops and recoveries during the attack. ParaSpace says it will cover the loss of these protocols. Additionally, he, who notified the issue, told BlockSec that he would offer a 5% bounty.
When asked about its past audits, ParaSpace acknowledged that despite having nine audits from multiple companies, the problem exists.
ParaSpace said it was patching the issue and said the protocol suspension would continue pending further audits. ParaSpace hasn’t announced when it will reopen, but another restriction has been added. time locked.
Attackers intercepted by BlockSec
Crypto Security Company BlockSec first reported attack We played ParaSpace on March 17th at 6:50am UTC. Around that time, we intercepted a hacker and rescued 2,900 ETH ($5 million). The company he tried to contact ParaSpace but got no response.
According to BlockSec, a vulnerability in one of ParaSpace’s smart contracts allowed the attacker to borrow additional tokens through a six-step process.
BlockSec also clarified in a statement. block The hackers used their own exploits and even redeployed versions of the original attack contract to forcefully recover the stolen funds.BlockSec withheld the rescued funds and returned them to ParaSpace.
hacker later Sent message to BlockSec A blockchain transaction that requested a refund of gas fees of 0.7 ETH ($1,250). “I lost a lot of money trying to make it work,” the attacker wrote, adding: [that money] return. “
ParaSpace is a platform that allows users to wager non-fungible tokens (NFTs) and other assets such as ERC-20 tokens. The site promotes staking Bored Ape Yacht Club (BAYC), but the two projects are not officially linked.
