The DeFi protocol Paid Network has been exploited via a vulnerability that allowed an attacker to create millions of new tokens.

Millions Dumped By Hacker

Around 18:10 UTC on Mar. 5, an unknown hacker exploited a token minting function and created over 59.4 million PAID tokens, worth $166 million at the time of the attack.

Soon, the hacker moved on to selling the illicitly-created tokens on Uniswap. He successfully sold about 2.5 million PAID tokens for approximately 2000 ETH (equivalent to $3 million).

The flood of new tokens into the market instantly crashed the price of the PAID token from $2.80 to $0.40. The hacker’s wallet address still contains more than 56 million PAID tokens, worth about $24 million.

Updates On the Way

Even though the development team has denied an “inside job,” critics in the community have speculated that a founder could have carried out the attack. To support that accusation, they allege that some functions can only be called by certain addresses.

To prevent any further damage, Paid Network has announced that it is pulling liquidity from the vulnerable contract. The team is also planning to create a new smart contract to restore token balances.

In another tweet, Paid Network has promised it will publish a detailed report on the hack soon.

Disclaimer: At the time of writing this author held Cosmos.