Blockchain security firm BlockSec has prevented an attacker from stealing around 2,900 ether (Approx. $5 million) from ParaSpace – a non-fungible token (NFT) lending protocol.
ParaSpace is a decentralized protocol that allows users to lend their NFTs and ERC-20 tokens to earn interest in return. Users can also use those lent assets as collateral to borrow from the platform.
BlockSec Saves the Day
In the early hours of Friday, an attacker exploited a vulnerability in Paraspace’s lending contracts, which would have allowed him/her to borrow assets with less NFT collateral than needed and drain the protocol’s liquidity pools. However, the hacker’s first attempt failed due to insufficient payment for gas fees to execute the transaction.
BlockSec detected the suspicious activities in time and carried out the attack as a white hat, intercepting a smart contract for 2,900 ETH ($5 million) and making changes to save the protocol from being hacked.
ParaSpace Pauses Service
ParaSpace has suspended its lending services, meaning no transactions, including withdrawals and deposits, can be conducted with its contracts. The protocol said it is currently investigating the incident and “patching the vulnerabilities identified.”
“We will resume protocol functionality once we have re-audited our platform with Secure3 and we are in active conversations with additional auditors and security experts,” ParaSpace said.
ParaSpace also assured that all NFTs supplied to the protocol are safe and have not been liquidated. However, the platform revealed that it suffered a minimal loss due to “slippage from the exploiter swapping between tokens during the exploit.”
Surprisingly, after the failed exploit, the attacker sent an on-chain message, asking BlockSec to return gas fees of around 0.7 ETH he/she had spent while trying to hack ParaSpace.
“I couldn’t make it work because of a stupid gas estimation error. Since I lost a lot of money trying to make it work, it would be cool to get at least some of them back… best of luck,” the hacker said.
