<p><span style="font-weight: 400;">BlockSec, a smart contract audit firm, said it prevented a hacker from exploiting a major vulnerability to steal 2,900 ether ($5 million) from the NFT lending project Paraspace.</span></p>
<p>BlockSec detected a hack in real time and rescued the funds, it said.</p>
<p>After the perpetrator was unable to execute the attack amid low gas fees, BlockSec <a href="https://etherscan.io/tx/0xe3f0d14cfb6076cabdc9057001c3fafe28767a192e88005bc37bd7d385a1116a">carried out</a> the attack as a white hat and took control of 2,900 ether ($5 million) worth of assets from Paraspace. The firm said it has notified Paraspace regarding their return.</p>
<p><span style="font-weight: 400;">“We monitored and observed the failed transaction. Meanwhile, we re-deployed the [hacker's] contract with some upgrades to do the rescue,” Matthew Jiang, director of security services at BlockSec, told The Block.</span></p>
<p><span style="font-weight: 400;">Paraspace <a href="https://twitter.com/ParaSpace_NFT/status/1636617953599946752">said</a> in a Twitter post that it had paused its lending protocol and was investigating the issue. It <a href="https://twitter.com/ParaSpace_NFT/status/1636619765887422464">added</a> that NFT assets deposited to the platform were safe.</span></p>
<h2><span style="font-weight: 400;">BlockSec thwarts theft using its real-time monitoring system</span></h2>
<p><span style="font-weight: 400;">The vulnerability in Paraspace’s lending contracts could have allowed the attacker to borrow crypto tokens with less NFT collateral than needed, which in turn may have allowed the hacker to drain its liquidity. 
“On Paraspace, the loan collateral's balance could be manipulated by the attacker,” Jiang further noted.</span></p>
<p><span style="font-weight: 400;">BlockSec added that it was able to thwart the hack using an internal system that detects hacking incidents in real time. "We have an internal system that is able to monitor attack transactions and try to prevent them automatically," said Lei Wu, co-founder and CTO of BlockSec.</span></p>
<p><span style="font-weight: 400;">After the incident, the hacker </span><a href="https://etherscan.io/tx/0x8eb65ef100eb65273e42f227fb4b4b639531c2c892f4aa60c118c84dc677f98b"><span style="font-weight: 400;">left</span></a><span style="font-weight: 400;"> an on-chain message requesting that BlockSec return the roughly 0.7 ETH in gas fees the person spent trying to hack Paraspace. "I couldn't make it work because of a stupid gas estimation error. Since I lost a lot of money trying to make it work, it would be cool to get at least some of them back... best of luck," the hacker wrote.</span></p>
<p><span style="font-weight: 400;">This is not the first time BlockSec has leveraged its internal system to save funds for projects. BlockSec was able to </span><a href="https://www.theblock.co/linked/144491/stablecoin-dex-saddle-finance-hacked-for-10-million"><span style="font-weight: 400;">rescue</span></a><span style="font-weight: 400;"> $3.8 million from the exploiters of Saddle Finance in April 2022. In February it recovered </span><a href="https://www.theblock.co/post/212966/platypusdefi-salvages-2-4-million-in-hacked-funds-with-blocksecs-help"><span style="font-weight: 400;">$2.4 million</span></a><span style="font-weight: 400;"> from Platypus Finance hackers.</span></p>
<p><span style="font-weight: 400;">Paraspace did not immediately respond to a request for comment.</span></p><br /><span class="copyright"><p>© 2023 The Block Crypto, Inc. All Rights Reserved. This article is provided for informational purposes only. 
It is not offered or intended to be used as legal, tax, investment, financial, or other advice.</p> </span>