BlockSec stops $5m from being stolen in failed ParaSpace hack

BlockSec prevented $5 million in ETH from being stolen from ParaSpace.

Blockchain security firm BlockSec has prevented a hacker from stealing 2,909 ETH, worth almost $5 million, after catching them attempting to exploit a vulnerability in NFT lending protocol ParaSpace.

At 3:51 am London time an address funded through Railgun – a privacy and anonymity system similar to Tornado Cash – first attempted to exploit a vulnerability in ParaSpace’s code.

However, the blackhat’s contract didn’t use enough gas – a term for the small amount of ETH needed to send transactions – meaning the transactions failed.

On-chain data shows the hacker tried and failed to exploit ParaSpace three times early Friday morning in London.

“Somehow the attack failed due to some errors in the attack contract,” a representative from BlockSec told DL News shortly after the rescue.

“We have an internal system monitoring on-chain events and found the attempt. We then issued a rescue transaction to transfer the funds in ParaSpace to a secure account. We are working with the ParaSpace team now to figure out the details and discuss the fix to the smart contract vulnerabilities.”

A ParaSpace rep told DL News: “We are glad to report that there was no loss of user funds and that user assets and funds are safe. We have identified the root cause of the issue and will be issuing more information on what to expect next in terms of security enhancements and a postmortem on what happened.”

In a tweet this morning, ParaSpace thanked BlockSec for its “swift actions” and described the losses from the protocol as “minimal.”

BlockSec describes its hack prevention method as “proactive threat prevention.”

BlockSec’s software constantly listens for malicious transactions in Ethereum’s memory pool, a queue where transactions are stored before being added to newly created blocks.

When BlockSec finds a malicious transaction, its software automatically creates a rescue transaction using the hacker’s exploit method.

The rescue transaction takes the vulnerable funds before the hacker can and deposits them in BlockSec’s multi-signature wallet for safekeeping.

BlockSec’s software essentially copies exploits and executes them before hackers.

The ParaSpace rescue is not the first time BlockSec’s software has been put to the test. Last April, the firm rescued $3.8 million from Saddle Finance after detecting a malicious transaction targeting the protocol.
