PAID Network suffered an attack that left it short of $180 million worth of PAID tokens. This incident has left the community wondering if it was a “rug pull” or merely a security lapse. The exploiter perpetrated the “infinite mint” attack that led to an upward plunge of 85% of PAID token prices.
During the attack, the exploiter netted up to $180 million worth of PAID tokens. But unfortunately for the wrongdoer, the total amount to leave the network will be far lesser. If the perpetrator had succeeded in cashing out the whole stolen tokens, this attack would have been the largest of all against DeFi protocols.
According to an observer, the hacker’s wallet could successfully convert few tokens to Wrapped ETH but left the remaining tokens in devaluing PAID tokens. But more than 57 million PAID tokens are still in the exploiter’s wallet. The current value of these tokens is up to $37 million.
This attack on PAID Network is almost the same that occurred in December 2020. The victim was Cover, an insurance protocol utilizing ERC-20 fungible tokens. When the attack occurred, the Cover team snapped the holders before the attack. Afterward, they issued a new token to return the token supply to the levels before the attack.
PAID Network Reaction To The Attack
According to PAID network, they’ll commence the snap and restore action as soon as possible. The team has disclosed that they’re investigating the attack. They also assured the community that they pulled liquidity and have commenced creating a new smart contract. Afterward, they’ll restore the balances in everyone’s accounts as it was before the exploit.
Also, PAID Network team stated that they’d manually return the tokens to those who have staked, Lpool and Unifarm.
A Security Lapse or An Attack?
Amidst the chaos, panic, and promises, some traders are not entirely sure that the attack was not a rug pull. A “Rugpull” is a term which the crypto community uses to describe an attack where an insider designs a contract in a way that they can exploit them and swipe user funds.
From what a team member of ParaFi Capital, Nick Chong, tweeted, it seems that there was insider assistance to the hackers. According to Nick, PAID’s deployer contract transferred its ownership to the hacker before the mint took place.
This shows that someone on the inside may have rug-pulled or enabled the attacker to succeed with a security failure. Another indication that this may have been more than everyone thinks is that the warning came earlier in January.
A DeFi risk analysis account “@WARONRUGS” warned that the contract owner might perpetuate this exploit. However, PAID Network is yet to respond to the comments concerning the exploit.