PAID Network Suffers an Infinite Mint Attack
PAID Network Suffers an Infinite Mint Attack
Image: PAID Network Medium account
In brief
- DeFi project Paid Network recently suffered an infinite mint attack.
- The attacker allegedly got away with a massive amount of tokens whose price was rapidly declining.
- So far, the attacker converted a portion into Ether, leaving the rest of the coins to lose value.
A recent surge of hacking attacks against DeFi projects is leaving investors concerned and mistrusting, particularly as several attacks might be rugpulls and exit scams.
A decentralized finance platform known as Paid Network recently suffered an infinite mint attack. As a result of the incident, the project’s token, PAID, saw its prices plunging upwards of 85%. In total, the exploit netted almost $180 million-worth of tokens, which is likely the largest exploit of a DeFi protocol in the sector’s history.
What Happened?
According to recent reports, Paid Network — a platform aimed at real-world businesses — was heavily exploited in an infinite mint attack. However, while the attack netted $180m, this is not the amount that the hacker has managed to secure, which is actually significantly smaller.
One member of the crypto Twitter did the calculations, noting that the attacker only managed to covert a portion of the stolen PAID tokens to Ether. Meanwhile, the rest were let behind to continuously lose value as the token’s price began to crash.
Summary of $PAID incident:
Total PAID swapped to WETH: 2079.603371141493
= $3,104,887.33Total PAID left in account: 594,717,455.71
= $24,313,147Total amount in attacker account = $27,418,034.33
Stay Safe. pic.twitter.com/Lz93qGKAq0
— vasa (@vasa_develop) March 5, 2021
Analysts have found that the attacker’s wallet still holds over $37 million in PAID (57 million tokens).
What is Known About the Exploit?
While the hacker’s identity remains hidden, the exploit itself is not exactly new or revolutionary. In fact, it is similar to an attack that took place in late 2020, when insurance protocol Cover was hit. Back then, the project’s developers took a snapshot of holders just before the attack was made.
After that, they were able to recover by issuing a new token and distributing it to users to match the state of their wallets before the attac took place. PAID’s team revealed that they are also planning to restore everyone’s original balances to match the situation from before the incident, which indicates that they too might have a snapshot of the holders.
We are investigating the issue. We pulled liquidity, are creating a new smart contract, & will be restoring everyone's original balances to before the hack.
Those with staked, Lpool & UniFarm $PAID will have their tokens be sent to them manually.
We will share more updates soon
— PAID NETWORK (@paid_network) March 5, 2021
For the moment, the team is investigating the matter, according to its recent tweet.
Another Project that Awoke Doubt Among Investors
Recently, there has seems to be a growing mistrust between hacked projects and their communities, with many assuming that the PAID exploit was not an exploit, but a rugpull, or an intentional bad design of contracts specifically made to steal money from investors.
Paid Network's deployer, an EOA, transferred ownership of a contract to the attacker 30 mins before the minthttps://t.co/h14GdV4fCf
— Nick Chong (@n2ckchong) March 5, 2021
Similar suspicions were made about the project Meerkat Finance, which recently allegedly got hacked.
The author
