• ParaSpace hack resulted in the loss of over 50% of user funds.
  • The platform has recovered $5.4 million from the funds.
  • ParaSpace removed the CEO’s admin access, but he has refused to comply.

ParaSpace, a decentralized finance (DeFi) platform for non-fungible tokens (NFTs), recently confirmed that it suffered a hack in which over 50% of user funds were not returned to the protocol.

Based on the information provided by internal team members, which is verifiable on-chain, ParaSpace stated that 2,909 Ethereum (ETH) tokens worth over $5.4 million were recovered from the March 18, 2023 hack.

Additionally, the ParaSpace team discovered that an Externally Owned Account (EOA) wallet was administering the stolen funds. Furthermore, over $1 million has outflown to centralized exchanges (CEXs) and Circle (USDC) redemptions.

In the official statement, ParaSpace claimed Yubo Ruan, the CEO and Chief Technology Officer (CTO), was responsible for these actions because he had exclusive control over the protocol’s finances. The team stated:

We did not manage or have access to the protocol’s finances. As we began establishing ParaSpace as a legal entity, we requested access to and visibility over these financial items only to receive delays and vague responses from Ruan.

In securing the protocol’s multi-sig, the ParaSpace team withdrew Ruan’s admin access, including addresses not directly controlled by the group, added two team member addresses, and increased the required signatories from two to four.

Interstingly, ParaSpace noted that Ruan has refused to comply with the team’s requests to remove user funds and stepped down from his roles as CEO and CTO despite speaking directly with him.

The team regretted not identifying the issue earlier, acknowledging that a hole in the treasury is something they can directly fill. Notably, ParaSpace plans to host a live stream to provide updates on recovery efforts.

source