ParaSpace Confirms an Attempted Exploit, Over $4.5M Rescued

On Saturday, several reports suggested that NFT and crypto staking protocol ParaSpace had encountered an attempted attack that put more than $4.5 million at risk. Later that day, the company confirmed those reports while announcing that it had paused its platform to find the vulnerability the attacker was trying to exploit.

Hours after the announcement, ParaSpace wrote on its Twitter handle that it had discovered shortcomings in its smart contracts but assured users that their funds were safe, including the NFTs. However, the staking platform said it lost 150 ETH ($275,000) because of price slippage during the attempted exploit and recovery.

Further, ParaSpace disclosed that it would offer a 5% bounty to blockchain security firm BlockSec, for raising the alarm about the attack.

BlockSec Intercepts Attacker

BlockSec reported the ParaSpace attack on Saturday via a tweet, claiming that its attempts to contact the staking protocol bore no fruits. The company added that it had managed to intercept the attacker and rescued 2,850 ETH worth $4.8 million.

While speaking with The Block, the BlockSec team explained that the ParaSpace hacker exploited the vulnerability in the protocol’s smart contracts to borrow extra tokens through a five-step process.

The team also narrated how it redeployed the attacker’s own contract with a few upgrades to perform the rescue. BlockSec said it held the recovered funds for some hours before returning them to ParaSpace.

The attacker would later send an on-chain message to BlockSec asking the security firm to refund them 0.7 ETH or $1,200 spent on gas. The hacker added that they lost a significant amount of money in their failed attack as they begged BlockSec to at least transfer some funds to their address.

Other BlockSec Rescue Missions

This isn’t the first time BlockSec has saved projects from losing funds. Last April, the security company rescued $3.7 million from attackers of automated market maker Saddle Finance. In addition, BlockSec recovered over $2 million from hackers of Platypus Finance last month.

Launched in 2022, ParaScape is a protocol that lets users stake ERC-20 tokens and NFTs. The firm says it supports staking for Bored Ape Yacht Club NFTs, although the two projects do not have an official partnership.

As of now, it’s unclear when the platform will resume normal operations.