$5M rescued, large withdrawals time-locked, hacker wants fees back

In a recent cryptocurrency hack, $5 million was successfully rescued by the platform’s security team. However, to prevent further damage, large withdrawals have been time-locked, causing some inconvenience to users. Additionally, the hacker responsible for the attack is demanding fees back from the platform. Stay updated on the latest developments of this incident.

ParaSpace, a crypto and NFT staking platform, recently experienced an attempted exploit that put $5 million at risk. The attack was acknowledged by ParaSpace, and the company later stated that the cause of the exploit had been found. Fortunately, all user funds, including NFTs, were safe, but ParaSpace did lose 50 to 150 ETH due to price slippage during the attack and the recovery. To cover those protocol losses, ParaSpace said it will provide a 5% bounty to BlockSec, the company that informed ParaSpace of the vulnerability.

Surprisingly, despite nine audits from various companies, some of which happened just months ago, ParaSpace admitted that the issue existed. The company is now patching the issue and conducting further audits. However, large withdrawals will be time-locked, and the protocol pause will remain in effect until ParaSpace is confident that the exploit has been completely resolved.

The attack was first reported by crypto security firm BlockSec, which rescued 2,900 ETH ($5 million) before contacting ParaSpace. According to BlockSec, a vulnerability in one of ParaSpace’s smart contracts allowed the attacker to borrow additional tokens through a six-step process. BlockSec not only thwarted the attack but also used the hacker’s own exploit to recover the stolen funds forcibly.

The hacker later sent a message to BlockSec, requesting for some of the money back. The hacker admitted to losing a lot of money trying to make it work, adding that it would be cool to get at least some of that money back.

ParaSpace is a platform that allows users to stake other assets, including non-fungible tokens (NFTs) and ERC-20 tokens. It advertises Bored Ape Yacht Club (BAYC) staking, even though the two projects are not officially associated. Despite the recent issue, ParaSpace’s commitment to resolving the exploit and to reimbursing affected users is commendable.

Leave a Comment

Google News