Although crypto hacking has been popular since the emergence of the blockchain industry, blockchain security companies are working hard to bring security and transparency to the sector. This time, BlockSec, a smart contract auditing company dedicated to building security infrastructure prevented hackers from stealing $5 million worth of crypto funds in ParaSpace.
ParaSpace is a decentralized lending protocol that allows users to borrow or lend various crypto assets on the Ethereum blockchain. In addition to the platform that allows users to lend NFTs or other assets to receive a percentage in the form of interest, ParaSpace allows users to use borrowed funds as collateral.
At vulnerability in this smart contract lending protocol allows hackers to borrow assets with fewer NFTs than needed as collateral, allowing attackers to drain the liquidity protocol. Fortunately, the exploiter failed in the first attempt to execute the transaction due to insufficient gas costs. Meanwhile, BlockSec’s smart contract auditing platform detects the hack and modifies the protocol in time to prevent hackers from liquidating crypto assets.
Abeerah Hashim, Associate Editor at PrivacySavvy, a trusted cyber security website, started warning when a group of crypto publishers reached out.
“While it is good to see BlockSec succeed in preventing this attack, it is important to note that vulnerabilities in security systems may still exist. As cyber attackers continue to evolve and develop new methods, it is very important for companies to regularly evaluate and update their security measures to avoid threats potential.
ParaSpace Suspends Operations After Hack
To comment on the incident, ParaSpace tweeted;
We are together @BlockSecTeam has identified the cause of the exploitation that occurred earlier in the ParaSpace protocol, and we are relieved to show that all user funds and assets in ParaSpace are safe and secure. No NFTs are compromised and the financial loss to the protocol is minimal.
ParaSpace further noted that the platform has paused all operations until it removes the vulnerabilities identified through the exploit. In other words, transactions, withdrawals, or deposits cannot continue because the smart contract team is now “fixing known vulnerabilities.”
Lei Wu, co-founder and CTO at BlockSec, highlighted that internal security functions automatically monitor transactions related to the hack. He said that the security function has the ability to prevent hacks in real time.
The NFT lending protocol explained that the exploit caused the smart contract to lose 50-150 Ethereum as the attacker “exchanged between tokens during the exploit.” has disappeared.
Interestingly, the hacker left a message on-chain after he failed to steal the funds, asking BlockSec to refund some of the gas costs incurred during the ParaSpace hack. He wrote:
I couldn’t do it because of a stupid gas estimation error. Since I lost a lot of money trying to make it work, I better get at least a little more…
BlockSec has not rescued funds from cybercriminals for the first time. The security company recently rescued $2.4 million from Platypus Finance exploiters in February 2022. In April 2022, they prevented hackers from stealing $3.8 million from Saddle Finance.
Option images from Pixabay and charts from TradingView.com