On the 5th of March at 8pm UTC+2, PAID Network experienced a cyberattack on its platform.
Kyle Chassé, the founder of PAID Network, has taken time to educate the community on the details of the cyberattack. He also gave thanks to the community for their support during the investigation of the attack.
Details of the Attack
The attack was aimed at the exploitation of the PAID Network deployer contract, which resulted in the theft of over 59 million PAID tokens. To carry out the attack, the attacker leveraged on the upgrade function of the smart contract. The attacker also made use of a compromised private key to access the original contract deployer.
After accessing the original contract deployer, the attacker then moved to “upgrade” to a new smart contract. Through this new smart contract, the attacker was able to burn and re-mint tokens. As a result, the attacker was able to mint 59,471,745.571 PAID tokens.
The attacker then moved to sell these tokens. As a result, the attacker sold 2,501,203 $PAID tokens on Uniswap for a total of 2,040.4339 ETH. This was before the attack was discovered at 8:17pm UTC+2.
When the PAID team noticed the attack, they pulled liquidity from Uniswap in order to reduce the damage. The PAID team also asked all PAID token holders to stop all transactions to reduce further risks.
Technical Causes of the Attack
The attack was caused by two technical issues: a leaked private key and failure in the key management processes. The private key leak was the first failure leading to the attack. The PAID Network team has, however, identified what caused the private key leak and has mitigated it.
A failure in the key management process was also another root cause of the attack. When the private key was compromised, it gave the attackers access to the PAID token contract. As a result, the attacker was able to modify the token contract to burn and re-mint the PAID tokens.
PAID Network Plans Against Further Attacks
Upon discovery, the PAID team invited industry experts like Acheron, Parsiq, Cipherblade, Immunefi, and CertiK to weigh in. These experts were invited to lend their expertise to safeguard users from further attacks and to specify the steps that needed to be taken.
PAID Network also relaunched its token to prevent further risk by the attacker. The purpose of the token relaunch is to remove the attacker’s tokens from the token supply, thus invalidating them. The control of the new token contract will be moved to a multisig. This will ensure comprehensive security and mitigate further attacks.
Before now, PAID Network entered into a strategic partnership with DAO Maker. The partnership was aimed at providing projects built on its Ignition platform with top-notch, reliable, and loyal communities.
As of the time of writing, PAID Network price was $2.13, with a 24-hour trading volume of $19,188,325. PAID price rose up by 1525.5% over the last 24 hours. Besides, it has a max supply of 594.7 million coins. Uniswap (v2) is also the current most active market trading PAID.
Join us on Telegram to receive free trading signals.
For more cryptocurrency news, check out the Altcoin Buzz YouTube channel.