By Bitcoinist - 1 年前 - 閱讀時間:3 分鐘
BlockSec 挫敗了黑客從 ParaSpace 竊取 5 萬美元的企圖
儘管自區塊鏈行業出現以來,加密黑客攻擊一直很突出,但區塊鏈安全公司正在努力為該行業帶來安全性和透明度。 這一次,致力於構建安全基礎設施的智能合約審計公司 BlockSec 已經 防止 a hacker from stealing $5 million in crypto funds from ParaSpace.
ParaSpace 是一種去中心化借貸協議,允許用戶在以太坊區塊鏈上借貸各種加密資產。 除了允許用戶借出 NFT 或其他資產以收取利息形式的百分比的平台外,ParaSpace 還允許用戶使用借入的資金作為抵押品。
脆弱性 in the lending protocol of this smart contract enabled the hacker to borrow assets with fewer NFTs than required as collateral, allowing the attacker to drain liquidity protocol.
Fortunately, the exploiter failed in its first attempt to execute the transaction due to insufficient gas fees he has. Meanwhile, smart-contract auditing platform BlockSec detected the hack and modified the protocol in time to prevent the hacker from liquidating the crypto asset.
Abeerah Hashim, an Associate Editor at PrivacySavvy, a trusted cyber security website, initiated a warning as a group of crypto publishers reached out.
“雖然很高興看到 BlockSec 成功阻止了這次攻擊,但重要的是要注意安全系統中的漏洞仍然存在。 隨著網絡攻擊者不斷發展和開發新方法,公司定期評估和更新其安全措施以領先於潛在威脅至關重要。”
ParaSpace 在被黑後暫停運營
對事件發表評論,ParaSpace 啾啾;
We alongside @BlockSecTeam have identified the cause of the exploit that occurred earlier on the ParaSpace protocol, and we are relieved to share that all user funds and assets on ParaSpace are safe and secure. No NFTs were compromised and financial losses to the protocol are minimal.
ParaSpace 進一步指出,平台已暫停所有操作,直到它消除了通過利用確定的漏洞。 換句話說,任何交易、取款或存款都無法進行,因為智能合約的團隊目前正在“修復已識別的漏洞”。
Lei Wu, co-founder and CTO at BlockSec, 突出 that the internal security function automatically monitored the transaction linked to the hack. He said that the security function has the ability to prevent a hack in real-time.
The NFT lending protocol explained the exploit had cost the smart contract a loss of 50-150 Ethereum due to the attacker “swapping between tokens during the exploit.” But ParaSpace will allocate these funds to smart-contract from its pocket to make it nothing has been lost.
Interestingly, the hacker left an on-chain message after he failed to steal the funds, asking BlockSec to return some of the gas fees he spent during the ParaSpace hack. He 寫道::
I couldn’t make it work because of a stupid gas estimation error. Since I lost a lot of money trying to make it work, it would be nice to get at least some of that back… good luck.
BlockSec has not rescued the funds from cybercriminals for the first time. The security firm recently saved $2.4 million from the Platypus Finance exploiters in February 2022. In April 2022, it 防止 hackers from stealing $3.8 million from Saddle Finance.
原始來源: Bitcoin是