PAID Network Reveals Private Key Compromise Led to Hack

  • PAID Network has revealed the reasons behind Friday’s hack, which saw over 59 million tokens minted
  • An attacker was able to compromise an in-house private key and amend the smart contract to mint the tokens
  • The hacker sold over 2.5 million tokens before PAID Network pulled liquidity on Uniswap

PAID Network has revealed what caused the price of its token to collapse 88% on Friday, attributing the collapse to an attacker who minted over 59 million PAID tokens and sold part of them after compromising an in-house private key. The incident brought smart contract auditing back into the spotlight and reflects poorly on security firm Certik, which audited and passed the PAID Network smart contracts.

PAID Network Attacker Sold $3.14 Million worth of Tokens

PAID released the ‘post mortem’ of the incident yesterday, with founder Kyle Chassé explaining what happened. According to Chassé, an attacker was able to get hold of a crucial private key to the original smart contract deployer, which they then used to amend the contract to give themselves the ability to burn and re-mint tokens.

As a result, the attacker was able to mint 59,471,745.571 PAID tokens which they then tried to sell on Uniswap. 2.5 million tokens were sold for 2,040 ETH (worth $3.14 million at the time) before the attack was discovered and the PAID Network team removed their liquidity from Uniswap, mitigating the impact of the hack.

Chassé added that PAID Network will relaunch its token, removing the old token from circulation and thus ensuring that the attacker cannot sell the remaining tokens. The new token contract will be moved to a multisig format to prevent future hacks, while also undergoing “comprehensive security and process audits” to ensure such an attack doesn’t occur again.

Smart Contract Auditing Back Under the Spotlight

The hack puts blockchain auditing under the spotlight again, as the PAID Network smart contracts had been audited by smart contract and blockchain security monitoring firm Certik. The incident brings back memories of the Hatch DAO exit scam, where token locking protocol TrustSwap was accused of being ineffective and instilling false trust when it failed to stop two million HATCH tokens being minted and sold, allegedly by insiders.