link.png

ID:

paid-network-382

Date:

Status:

Incident Count:

March 5, 2021

Verified

1

info.png
target.png
REKT

Contributor:

chain.png

zerofriction.io

KYC By:

KYC:

None

info.png

Audit By:

Audits:

None

Loss Amount:

3,000,000

info.png

Recovered:

-

Rewards:

Currency:

USD, $PAID, ETH

info.png

Key Indicators

Platform:

Type:

Category:

Method:

Data Sources:

Ethereum

Network

Dapps

Key Management

Extended Method:

Private key leak

info.png

Days in Operation:

0

chain.png
chain.png
chain.png
chain.png
datasource.png

On March 5, 2021, the PAID Network smart contract was compromised by an attacker. By exploiting flaws in how the smart contract was secured and managed, the attacker was able to extract approximately $100 million worth of $PAID tokens, and converted about $3 million of it to Ether before being blocked by the PAID Network team.

The PAID attacker took advantage of poor key management practices at PAID, not a vulnerability in the PAID smart contract. The network relied on a single private key to manage control over the smart contract; by compromising that private key, the attacker was able to gain control over the upgrade functionality of the contract.

info.png

DISCLAIMER: While web3rekt has used the best efforts in aggregating and maintaining this database, this web site makes no representations or warranties with respect to the accuracy or completeness of its information and data herein, and specifically disclaim any implied warranties of merchantability or fitness for any particular purpose. 

Under no circumstances, shall web3rekt be liable for any loss of profit or funds, any regulatory or governmental penalties, any legal costs, or any other commercial and non-commercial damages, including but not limited to special, incidental, consequential, or other damages from any or all usage of the data and information derived from this database.