Paribus Cross-Chain Lending Agreement Suffers $100k Loss in a Cyber Attack

On April 11th, according to Paidun monitoring, the cross chain lending agreement Paribus was attacked, resulting in a loss of approximately $100000. The reason for the attack is that it adopts the fork of the old version of Compound V2, which exists a known reentry vulnerability.

The cross chain lending agreement Paribus was attacked, resulting in a loss of approximately $100000

The Paribus cross-chain lending agreement recently suffered a cyber attack that resulted in a loss of about $100,000. The attack is believed to have resulted from a known reentry vulnerability contained in the fork of the old version of Compound V2 that Paribus adopted. In this article, we’ll explore what this means, what Paribus is, and what lessons we can learn from the incident.

What is Paribus?

Paribus is a cross-chain lending agreement that operates on the Binance Smart Chain (BSC). Started in March 2021, it allows users to borrow and lend cryptocurrencies in a distributed and trustless manner. Lenders offer their assets into smart contracts, and borrowers can use these funds by providing collateral, which is also held in the smart contracts.

Incident Details

On April 11th, 2021, Paribus suffered a cyber attack that resulted in a loss of approximately $100,000. According to reports by Paidun monitoring, the attack occurred due to a known reentry vulnerability contained in the fork of the old version of Compound V2 that Paribus had adopted. The hacker was able to exploit this vulnerability to conduct a recursive call, which enabled them to borrow very large amounts of cryptocurrencies without repaying them. This led to a significant drain on the smart contracts used by Paribus, resulting in the loss.

Lessons to Learn

This incident carries several lessons for developers and organizations in the blockchain industry. First, it highlights the importance of thoroughly reviewing code before adopting it. In Paribus’s case, the decision to use an old version of Compound V2 increased their susceptibility to known vulnerabilities – a critical mistake.
Secondly, organizations must keep up-to-date with the latest security trends and best practices. In the blockchain industry, new vulnerabilities and exploits are discovered all the time, and being aware of such issues can help to prevent cyber attacks. Regular security audits of smart contracts can also help to identify and rectify potential vulnerabilities.
Lastly, developers and organizations must work to improve their response time and procedures in the event of an attack. Available data suggests that Paribus did not notice the attack immediately, which allowed the hacker to drain smart contracts for an extended period, ultimately leading to a significant loss. Having a well-defined incident response plan can help curtail such losses.

How Will Paribus Respond?

Paribus has already issued an apology to its users, stating that they take full responsibility for the incident. They have also promised to reimburse all affected accounts using a snapshot taken before the attack. While these steps are commendable, it remains to be seen how Paribus will address the root cause of the problem and prevent future attacks.

Conclusion

The attack on Paribus demonstrates the critical importance of security in blockchain systems. It is a reminder that vulnerabilities, even those that are known, can have devastating consequences. Developers and organizations must work to improve their security posture by staying informed of the latest trends, conducting regular audits, adopting best practices, improving response time, and developing flexible incident response procedures.

FAQs

1. What is Paribus?

Paribus is a cross-chain lending agreement that operates on the Binance Smart Chain (BSC). It allows users to borrow and lend cryptocurrencies in a distributed and trustless manner.

2. How did the recent Paribus cyber attack happen?

According to reports, the hacker exploited a known reentry vulnerability contained in the fork of the old version of Compound V2 that Paribus had adopted, allowing them to borrow large amounts of cryptocurrencies without returning them, ultimately resulting in a significant loss.

3. What lessons can we learn from the Paribus cyber attack?

The attack highlights the importance of thoroughly reviewing code before adopting it, staying informed of the latest security trends and best practices, conducting regular audits, improving response time, and developing flexible incident response procedures.