The crypto and NFT staking platform ParaSpace experienced an attempted exploit that put $5 million at risk, according to various reports on March 17.
ParaSpace confirms vulnerability
ParaSpace acknowledged an attack on its contracts early in the day. It paused its protocol and later said it had found the cause of the exploit.
The project additionally stated that all user funds, including NFTs were safe. ParaSpace lost 50 to 150 ETH (less than $270,000) due to price slippage during the attack and the recovery. ParaSpace said it will cover those protocol losses. Furthermore, it said that it will provide a 5% bounty to BlockSec, which informed it of the issue.
When asked about past audits, ParaSpace admitted that the issue existed despite nine audits from multiple companies — some of which occurred just months ago.
ParaSpace said it is patching the issue and noted that the protocol pause will remain until further audits. Though ParaSpace has not announced a reactivation time, it has added another limitation: large withdrawals will be time-locked.
BlockSec intercepted attacker
Crypto security firm BlockSec first reported the attack against ParaSpace at 6:50 a.m. UTC on March 17. Around that time, it intercepted the hacker and rescued 2,900 ETH ($5 million). The company attempted to contact ParaSpace but received no response.
According to BlockSec, a vulnerability in one of ParaSpace’s smart contracts allowed the attacker to borrow additional tokens through a six-step process.
BlockSec also revealed in statements to The Block that it used the hacker’s own exploit — even re-redeploying a version of the original attack contract — to recover the stolen funds forcibly. BlockSec held the rescued funds and returned them to ParaSpace.
The hacker later sent a message to BlockSec in a blockchain transaction that asked for 0.7 ETH ($1,250) of gas fees to be returned. The attacker wrote, “I lost a lot of money trying to make it work” and added: “it would be cool to get at least some of [that money] back.”
ParaSpace is a platform that allows users to stake other assets, including non-fungible tokens (NFTs) and ERC-20 tokens. Its site advertises Bored Ape Yacht Club (BAYC) staking, though the two projects are not officially associated.
Read More: cryptoslate.com
Bitcoin 
Ethereum 
Tether 
BNB 
USD Coin 
XRP 
Cardano 
Dogecoin 
Lido Staked Ether 
Polygon 
Solana 
Binance USD 
Polkadot 
Litecoin 
Shiba Inu 
TRON 
Avalanche 
Dai 
Uniswap 
Wrapped Bitcoin 
Chainlink 
Cosmos Hub 
LEO Token 
Toncoin 
Monero 
Ethereum Classic 
OKB 
Bitcoin Cash 
Stellar 
Filecoin 
Aptos 
TrueUSD 
Lido DAO 
Hedera 
Quant 
Arbitrum 
Cronos 
NEAR Protocol 
VeChain 
Algorand 
ApeCoin 
Internet Computer 
Stacks 
EOS 
Fantom 
The Graph 
The Sandbox 
Decentraland 
MultiversX 
Aave