1. Attacker loads contract deployer address with ETH. Tx: https://etherscan.io/tx/0x28494ebcd854735e4d84f55890f0a92376d1af17553d998b2ee391a25dbc18c7
  2. Attacker calls ‘transferOwnership’ function on PAID token contract from PAID deployer address. Tx: https://etherscan.io/tx/0x733dd279b3d24f3415f3850b8eceafc651c1998163dcd0352b9e83c46e2b33d9
  3. Attacker deploys a new contract. Tx: https://etherscan.io/tx/0xfe6eb5800741e986d6375d8e3f94eefd00cc64ba8896389142fdb6162a34d9b8
  4. Attacker burns PAID tokens on the staking rewards address. Tx: https://etherscan.io/tx/0x3a483dd881d98541ebbd51e9a64daa700546bae9c2b33a30c2192f9981334b9b
  5. Attacker mints 59,471,745.571 tokens, which he sends to his address. Tx: https://etherscan.io/tx/0x4bb10927ea7afc2336033574b74ebd6f73ef35ac0db1bb96229627c9d77555a0
  6. Attacker approves trading on Uniswap for his address. Tx: https://etherscan.io/tx/0x1a23506c2a53e9811ebe7ab9d78ba1ab9e02766d2440ff152437a3176a314a38
  7. Attacker proceeds to sell 2,501,203 $PAID tokens on Uniswap for a total of 2,040.4339 ETH before being stopped by the PAID Network team’s efforts to pull Uniswap liquidity. All funds (PAID and ETH) remain at the attacker’s address, found here: https://etherscan.io/address/0x18738290af1aaf96f0acfa945c9c31ab21cd65be
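
A monitoring sketch for the sequence in steps 2, 4 and 5, added here as an example and not part of the original post-mortem or the PAID code base. It assumes the token emits OpenZeppelin-style `OwnershipTransferred` events and standard ERC-20 `Transfer` events (a mint comes from the zero address, a burn goes to it); the `Event` type, the thresholds and the sample data are constructed for illustration.

```python
from dataclasses import dataclass

ZERO = "0x" + "00" * 20  # ERC-20 convention: mint = from ZERO, burn = to ZERO

@dataclass
class Event:              # hypothetical decoded-log record, not a library type
    block: int
    name: str             # "OwnershipTransferred" or "Transfer"
    args: dict

def detect_takeover(events, window_blocks=500, mint_threshold=1_000_000):
    """Alert on an owner change and on burns / large mints shortly after it."""
    alerts, last_change = [], None
    for ev in sorted(events, key=lambda e: e.block):
        if ev.name == "OwnershipTransferred":
            last_change = ev
            alerts.append((ev.block, "owner-change", ev.args["newOwner"], 0))
            continue
        if ev.name != "Transfer" or last_change is None:
            continue      # no ownership change seen yet: nothing to correlate
        if ev.block - last_change.block > window_blocks:
            continue      # too long after the change to be correlated
        src, dst, value = ev.args["from"], ev.args["to"], ev.args["value"]
        if src == ZERO and value >= mint_threshold:
            alerts.append((ev.block, "mint-after-owner-change", dst, value))
        elif dst == ZERO:
            alerts.append((ev.block, "burn-after-owner-change", src, value))
    return alerts

# Constructed sample events: addresses and block numbers are placeholders,
# amounts are whole tokens (the mint and sale figures are truncated from steps 5 and 7).
OLD, NEW, STAKING, USER = "0xOLD_OWNER", "0xNEW_OWNER", "0xSTAKING", "0xUSER"
SAMPLE = [
    Event(100, "Transfer", {"from": USER, "to": STAKING, "value": 5_000}),
    Event(200, "OwnershipTransferred", {"previousOwner": OLD, "newOwner": NEW}),
    Event(210, "Transfer", {"from": STAKING, "to": ZERO, "value": 2_000_000}),
    Event(215, "Transfer", {"from": ZERO, "to": NEW, "value": 59_471_745}),
    Event(220, "Transfer", {"from": NEW, "to": USER, "value": 2_501_203}),
    Event(900, "Transfer", {"from": ZERO, "to": USER, "value": 3_000_000}),
]

if __name__ == "__main__":
    for alert in detect_takeover(SAMPLE):
        print(alert)
```

The owner-change alert alone is the earliest signal: in the timeline above it precedes the burn, the mint and the Uniswap sale.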
