Hdr_About.jpg

Detail Analysis

link.png

Date:

Status:

Count:

Contributor:

March 5, 2021

info.png

Verified

1

zerofriction.io

Loss Amount:

3,000,000

info.png

Recovered Amount:

-

Currency:

Dollars, $PAID, ETH

KYC By:

Audit By:

None

None

info.png

Website:

Twitter:

No data

Discord:

No data

Telegram:

No data

Medium:

No data

Github:

No data

info.png

Key Indicators

Platform:

Type:

Category:

Method:

Ethereum

Network

Dapps

Poor Key Management

Extended Method:

Private key leak

Data Sources:

info.png

On March 5, 2021, the PAID Network smart contract was compromised by an attacker. By exploiting flaws in how the smart contract was secured and managed, the attacker was able to extract approximately $100 million worth of $PAID tokens, and converted about $3 million of it to Ether before being blocked by the PAID Network team.

The PAID attacker took advantage of poor key management practices at PAID, not a vulnerability in the PAID smart contract. The network relied on a single private key to manage control over the smart contract; by compromising that private key, the attacker was able to gain control over the upgrade functionality of the contract.

info.png

DISCLAIMER: While Zero Friction LLC has used the best efforts in aggregating and maintaining this database, Zero Friction LLC makes no representations or warranties with respect to the accuracy or completeness, and specifically disclaim any implied warranties of merchantability or fitness for any particular purpose. 

Under no circumstances, shall Zero Friction LLC be liable for any loss of profit or funds, any regulatory or governmental penalties, any legal costs, or any other commercial and non-commercial damages, including but not limited to special, incidental, consequential, or other damages from any or all usage of the dataset or information derived from our database.