BlockSec prevents the theft of $5 million from Paraspace
BlockSec stopped a hacker from stealing $5 million from the Paraspace NFT lending initiative.
BlockSec, a firm that audits smart contracts, stated that it prevented a hacker from stealing 2,900 ether ($5 million) from the NFT lending project Paraspace due to a significant vulnerability.
BlockSec reportedly discovered a breach in real-time and recovered the stolen cash. After the attacker could not execute the attack due to low gas fees, BlockSec attacked a white hat and seized $5 million worth of Paraspace’s assets. The company said that it had informed Paraspace of their return.
“We watched and tracked the unsuccessful transaction. Matthew Jiang, director of security services at BlockSec, told The Block that the [hacker’s] contract was redeployed with a few upgrades to perform the rescue.”
In a Twitter message, Paraspace said it had halted its lending process and examined the situation. It added the security of NFT assets deposited on the platform.
The flaw in Paraspace’s lending contracts may have allowed an attacker to borrow crypto tokens with less NFT collateral than was required, allowing the hacker to drain the company’s liquidity. “On Paraspace, the amount of loan collateral might be changed by an attacker,” Jiang said.
Using an internal system that detects hacking incidents in real-time, BlockSec was able to foil the hack, the company said. Lei Wu, co-founder and chief technology officer of BlockSec, said, “We have an internal mechanism that can monitor and attempt to block attack transactions automatically.”
Following the event, the hacker sent an on-chain message demanding that BlockSec refund about 0.7 ETH in gas expenses incurred while attempting to hack Paraspace. “I was unable to make it function due to an idiotic gas estimate mistake. It would be wonderful to receive at least part of the money I lost trying to make it work back… best of luck! “The hacker composed.
This was not the first time BlockSec used its internal mechanism to reduce project costs. In April 2022, BlockSec recovered $3.8 million from Saddle Finance’s exploiters. In February, it recovered $2,400,000 from hackers at Platypus Financial. The company Paraspace did not reply quickly to a request for comment.