By Bitcoinist - 1 年前 - 阅读时间:3 分钟
BlockSec 挫败了黑客从 ParaSpace 窃取 5 万美元的企图
尽管自区块链行业出现以来,加密黑客攻击一直很突出,但区块链安全公司正在努力为该行业带来安全性和透明度。 这一次,致力于构建安全基础设施的智能合约审计公司 BlockSec 已经 防止 a hacker from stealing $5 million in crypto funds from ParaSpace.
ParaSpace 是一种去中心化借贷协议,允许用户在以太坊区块链上借贷各种加密资产。 除了允许用户借出 NFT 或其他资产以收取利息形式的百分比的平台外,ParaSpace 还允许用户使用借入的资金作为抵押品。
漏洞 in the lending protocol of this smart contract enabled the hacker to borrow assets with fewer NFTs than required as collateral, allowing the attacker to drain liquidity protocol.
Fortunately, the exploiter failed in its first attempt to execute the transaction due to insufficient gas fees he has. Meanwhile, smart-contract auditing platform BlockSec detected the hack and modified the protocol in time to prevent the hacker from liquidating the crypto asset.
Abeerah Hashim, an Associate Editor at PrivacySavvy, a trusted cyber security website, initiated a warning as a group of crypto publishers reached out.
“虽然很高兴看到 BlockSec 成功阻止了这次攻击,但重要的是要注意安全系统中的漏洞仍然存在。 随着网络攻击者不断发展和开发新方法,公司定期评估和更新其安全措施以领先于潜在威胁至关重要。”
ParaSpace 在被黑后暂停运营
对事件发表评论,ParaSpace 啾啾;
We alongside @BlockSecTeam have identified the cause of the exploit that occurred earlier on the ParaSpace protocol, and we are relieved to share that all user funds and assets on ParaSpace are safe and secure. No NFTs were compromised and financial losses to the protocol are minimal.
ParaSpace 进一步指出,平台已暂停所有操作,直到它消除了通过利用确定的漏洞。 换句话说,任何交易、取款或存款都无法进行,因为智能合约的团队目前正在“修复已识别的漏洞”。
Lei Wu, co-founder and CTO at BlockSec, 突出 that the internal security function automatically monitored the transaction linked to the hack. He said that the security function has the ability to prevent a hack in real-time.
The NFT lending protocol explained the exploit had cost the smart contract a loss of 50-150 Ethereum due to the attacker “swapping between tokens during the exploit.” But ParaSpace will allocate these funds to smart-contract from its pocket to make it nothing has been lost.
Interestingly, the hacker left an on-chain message after he failed to steal the funds, asking BlockSec to return some of the gas fees he spent during the ParaSpace hack. He 写:
I couldn’t make it work because of a stupid gas estimation error. Since I lost a lot of money trying to make it work, it would be nice to get at least some of that back… good luck.
BlockSec has not rescued the funds from cybercriminals for the first time. The security firm recently saved $2.4 million from the Platypus Finance exploiters in February 2022. In April 2022, it 防止 hackers from stealing $3.8 million from Saddle Finance.
原始来源: Bitcoin是