BlockSec prevents $5 million from being stolen on Paraspace

Quick Take

  • Security firm BlockSec prevented a hacker from stealing $5 million from the NFT lending project Paraspace.
  • After the hacker was unable to execute the attack due to low gas fees, BlockSec carried out the attack as a white hat and took control of assets.
  • The firm said it has notified Paraspace regarding their return.

BlockSec, a smart contract audit firm, said it prevented a hacker from stealing 2,900 ether ($5 million) from the NFT lending project Paraspace through a major vulnerability.

BlockSec detected a hack in real time and rescued the funds, it said.

After the perpetrator was unable to execute the attack due to low gas fees, BlockSec carried out the attack as a white hat and took control of 2,900 ether ($5 million) worth of assets from Paraspace. The firm said it has notified Paraspace regarding their return.

“We monitored and observed the failed transaction. Meanwhile, we re-deployed the [hacker's] contract with some upgrades to do the rescue,” Matthew Jiang, director of security services at BlockSec, told The Block.

Paraspace said in a Twitter post it had paused its lending protocol and was investigating the issue. It added that NFT assets deposited to the platform were safe.

BlockSec thwarts theft using its real-time monitoring system

The vulnerability in Paraspace’s lending contracts could have allowed the attacker to borrow crypto tokens with less NFT collateral than needed, which may have then allowed the hacker to drain its liquidity. “On Paraspace, the loan collateral's balance could be manipulated by the attacker,” Jiang further noted.

BlockSec added that it was able to thwart the hack using an internal system that detects hacking incidents in real time. "We have an internal system that is able to monitor attack transactions and try to prevent them automatically," said Lei Wu, co-founder and CTO of BlockSec.

After the incident, the hacker left an on-chain message requesting BlockSec return gas fees of about 0.7 ETH the person spent in trying to hack Paraspace. "I couldn't make it work because of a stupid gas estimation error. Since I lost a lot of money trying to make it work, it would be cool to get at least some of them back... best of luck," the hacker wrote.

This was not the first time BlockSec has leveraged its internal system to save funds for projects. BlockSec was able to rescue $3.8 million from the exploiters of Saddle Finance in April 2022. In February it recovered $2.4 million from Platypus Finance hackers.

Paraspace did not immediately respond to a request for comment.


© 2023 The Block. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.

About Author

Vishal Chawla is The Block’s crypto ecosystems editor and has spent over six years covering tech protocols, cybersecurity, artificial intelligence and cloud computing. Vishal likes to delve deep into blockchain intricacies to ensure readers are well-informed about the continuously evolving crypto landscape. He is also a staunch advocate for rigorous security practices in the space. Before joining The Block, Vishal held positions at IDG ComputerWorld, CIO, and Crypto Briefing. He can be reached on Twitter at @vishal4c.

Editor

Mike Millard