• ParaSpace experienced an attempted exploit that put $5 million at risk.
• Security firm BlockSec intercepted the hacker and rescued 2,900 ETH ($5 million).
• The attacker later asked for 0.7 ETH ($1,250) of gas fees to be returned.
ParaSpace Hack Attempted
The crypto and NFT staking platform ParaSpace experienced an attempted exploit that put $5 million at risk on March 17th.
Vulnerability Found
ParaSpace acknowledged the attack and paused its protocol while finding the cause of the exploit. It concluded that all user funds were safe but lost 50-150 ETH (less than $270,000) due to price slippage during the recovery process. They proposed a 5% bounty to BlockSec who informed them of the issue. Despite multiple audits from nine companies in recent months, this vulnerability still existed.
BlockSec Intervenes
Security firm BlockSec first reported the attack against ParaSpace at 6:50 a.m UTC on March 17th and intercepted the hacker, rescuing 2,900 ETH ($5 million). To reclaim these funds they re-deployed a version of the original attack contract.
Hacker Asks For Fees Back
The hacker later sent a message to BlockSec in a blockchain transaction asking for 0.7 ETH ($1,250) of gas fees to be returned as they had lost money trying to make it work.
ParaSpace Reacts
ParaSpace is patching up this issue and large withdrawals will now be time-locked until further audits can occur before reactivating their protocol again as well as covering any losses due to price slippage during recovery with their own funds .