By Bitcoinist - 1 yil oldin - O'qish vaqti: 3 daqiqa
BlockSec xakerlarning ParaSpace’dan 5 million dollar o‘g‘irlash urinishini to‘xtatdi
Blokcheyn sanoati paydo bo'lganidan beri kripto-xakerlar mashhur bo'lgan bo'lsa-da, blokcheyn xavfsizlik firmalari sektorga xavfsizlik va shaffoflikni olib kelish uchun qattiq ishlamoqda. Bu safar BlockSec, xavfsizlik infratuzilmasini yaratishga bag'ishlangan aqlli shartnomalar bo'yicha auditorlik firmasi. oldini oldi a hacker from stealing $5 million in crypto funds from ParaSpace.
ParaSpace - bu markazlashtirilmagan kreditlash protokoli bo'lib, foydalanuvchilarga Ethereum blokcheynida turli kripto aktivlarini qarzga yoki qarzga olish imkonini beradi. Foydalanuvchilarga foizlar shaklida foiz olish uchun NFT yoki boshqa aktivlarni qarzga berish imkonini beruvchi platformadan tashqari, ParaSpace foydalanuvchilarga qarz mablag'larini garov sifatida ishlatish imkonini beradi.
The zaifliklarni in the lending protocol of this smart contract enabled the hacker to borrow assets with fewer NFTs than required as collateral, allowing the attacker to drain liquidity protocol.
Fortunately, the exploiter failed in its first attempt to execute the transaction due to insufficient gas fees he has. Meanwhile, smart-contract auditing platform BlockSec detected the hack and modified the protocol in time to prevent the hacker from liquidating the crypto asset.
Abeerah Hashim, an Associate Editor at PrivacySavvy, a trusted cyber security website, initiated a warning as a group of crypto publishers reached out.
“BlockSec-ning ushbu hujumni muvaffaqiyatli oldini olishini ko'rish ajoyib bo'lsa-da, xavfsizlik tizimlarida zaifliklar hali ham mavjud bo'lishi mumkinligini ta'kidlash juda muhimdir. Kiberhujumchilar rivojlanishda va yangi usullarni ishlab chiqishda davom etar ekan, kompaniyalar uchun potentsial tahdidlardan oldin turish uchun xavfsizlik choralarini muntazam ravishda baholash va yangilash juda muhim”.
ParaSpace hackdan keyin operatsiyalarni to'xtatdi
Voqea haqida izoh berish uchun, ParaSpace tweeted;
We alongside @BlockSecTeam have identified the cause of the exploit that occurred earlier on the ParaSpace protocol, and we are relieved to share that all user funds and assets on ParaSpace are safe and secure. No NFTs were compromised and financial losses to the protocol are minimal.
ParaSpace yana ta'kidladiki, platforma ekspluatatsiya orqali aniqlangan zaifliklarni o'chirmaguncha barcha operatsiyalarni to'xtatib qo'ygan. Boshqacha qilib aytadigan bo'lsak, har qanday tranzaksiya, pul olish yoki depozitni davom ettirish mumkin emas, chunki aqlli shartnoma jamoasi hozirda "aniqlangan zaifliklarni tuzatmoqda".
Lei Wu, co-founder and CTO at BlockSec, ta'kidlangan that the internal security function automatically monitored the transaction linked to the hack. He said that the security function has the ability to prevent a hack in real-time.
The NFT lending protocol explained the exploit had cost the smart contract a loss of 50-150 Ethereum due to the attacker “swapping between tokens during the exploit.” But ParaSpace will allocate these funds to smart-contract from its pocket to make it nothing has been lost.
Interestingly, the hacker left an on-chain message after he failed to steal the funds, asking BlockSec to return some of the gas fees he spent during the ParaSpace hack. He yozgan:
I couldn’t make it work because of a stupid gas estimation error. Since I lost a lot of money trying to make it work, it would be nice to get at least some of that back… good luck.
BlockSec has not rescued the funds from cybercriminals for the first time. The security firm recently saved $2.4 million from the Platypus Finance exploiters in February 2022. In April 2022, it oldini oldi hackers from stealing $3.8 million from Saddle Finance.
Asl manba: Bitcoinist