Although crypto hacks have been prominent since the blockchain industry emerged, blockchain security companies are working hard to bring security and transparency to the sector. This time, BlockSec, a smart contract auditing firm dedicated to building a security infrastructure, has prevented a hacker stealing $5 million in crypto funds from ParaSpace.
ParaSpace is a decentralized lending protocol that allows users to lend or borrow various crypto assets on the Ethereum blockchain. In addition to the platform that allows users to lend NFTs or other assets to receive a percentage in the form of interest, ParaSpace allows users to use borrowed funds as collateral.
He vulnerability in the lending protocol of this smart contract allowed the hacker to borrow assets with fewer NFTs than needed as collateral, allowing the attacker to drain the protocol of liquidity.
Fortunately, the operator failed in his first attempt to execute the transaction due to insufficient gas tariffs. Meanwhile, the BlockSec smart contract auditing platform detected the attack and modified the protocol in time to prevent the hacker from liquidating the crypto asset.
Abeerah Hashim, Associate Editor of PrivacySavvy, a trusted cyber security website, started a warning when a group of crypto publishers reached out.
“While it’s great to see BlockSec successfully prevent this attack, it’s critical to note that vulnerabilities may still exist in security systems. As cyber attackers continue to evolve and develop new methods, it is crucial that companies regularly evaluate and update their security measures to stay ahead of potential threats.”
ParaSpace halted operations after the hack
To comment on the incident, ParaSpace tweeted;
we together @BlockSecTeam We have identified the cause of the exploit that occurred earlier in the ParaSpace protocol, and we are relieved to share that all user funds and assets on ParaSpace are safe and secure. No NFTs were compromised and the financial losses from the protocol are minimal.
ParaSpace further noted that the platform had halted all operations until it removed the vulnerabilities identified through the exploit. In other words, any transaction, withdrawal or deposit cannot proceed as the smart contract team is currently “fixing the identified vulnerabilities”.
Lei Wu, co-founder and CTO of BlockSec, highlighted that the internal security function automatically monitored the transaction linked to the hack. He said that the security feature has the ability to prevent an attack in real time.
The NFT lending protocol explained that the exploit had cost the smart contract a loss of 50-150 Ethereum due to the attacker “exchanging tokens during the exploit.” But ParaSpace will allocate these funds to smart contracts out of pocket so nothing has been lost.
Interestingly, the hacker left a message on the chain after he failed to steal the funds, asking BlockSec to return some of the gas fees he spent during the ParaSpace hack. He wrote:
I couldn’t get it to work due to a stupid gas estimation error. Since I lost a lot of money trying to get it to work, it would be nice to get at least some of that back… good luck.
BlockSec has not rescued the funds from cybercriminals for the first time. The security firm recently saved $2.4 million from Platypus Finance exploiters in February 2022. In April 2022, prevented hackers to steal $3.8 million from Saddle Finance.
Featured image from Pixabay and graphic from TradingView.com
