PAID Network Suffers an Infinite Mint Attack

Featured in News

PAID Network Suffers an Infinite Mint Attack

Mar 6 2021

Image: PAID Network Medium account

In brief

  • DeFi project Paid Network recently suffered an infinite mint attack.
  • The attacker allegedly got away with a massive amount of tokens whose price was rapidly declining.
  • So far, the attacker converted a portion into Ether, leaving the rest of the coins to lose value.

A recent surge of hacking attacks against DeFi projects is leaving investors concerned and mistrusting, particularly as several attacks might be rugpulls and exit scams.

A decentralized finance platform known as Paid Network recently suffered an infinite mint attack. As a result of the incident, the project’s token, PAID, saw its prices plunging upwards of 85%. In total, the exploit netted almost $180 million-worth of tokens, which is likely the largest exploit of a DeFi protocol in the sector’s history.

What Happened?

According to recent reports, Paid Network — a platform aimed at real-world businesses — was heavily exploited in an infinite mint attack. However, while the attack netted $180m, this is not the amount that the hacker has managed to secure, which is actually significantly smaller.

One member of the crypto Twitter did the calculations, noting that the attacker only managed to covert a portion of the stolen PAID tokens to Ether. Meanwhile, the rest were let behind to continuously lose value as the token’s price began to crash.

Analysts have found that the attacker’s wallet still holds over $37 million in PAID (57 million tokens).

What is Known About the Exploit?

While the hacker’s identity remains hidden, the exploit itself is not exactly new or revolutionary. In fact, it is similar to an attack that took place in late 2020, when insurance protocol Cover was hit. Back then, the project’s developers took a snapshot of holders just before the attack was made.

After that, they were able to recover by issuing a new token and distributing it to users to match the state of their wallets before the attac took place. PAID’s team revealed that they are also planning to restore everyone’s original balances to match the situation from before the incident, which indicates that they too might have a snapshot of the holders.

For the moment, the team is investigating the matter, according to its recent tweet.

Another Project that Awoke Doubt Among Investors

Recently, there has seems to be a growing mistrust between hacked projects and their communities, with many assuming that the PAID exploit was not an exploit, but a rugpull, or an intentional bad design of contracts specifically made to steal money from investors.

Similar suspicions were made about the project Meerkat Finance, which recently allegedly got hacked.