PAID Network Compromised Mint Key
PAID Network had $27M+ minted after a compromised deployer key re-minted ~59M PAID; the attacker dumped ~2.5M for $3M before the team paused. PAID fell ~85%.
- Date
- Victim
- PAID Network
- Chain(s)
- Status
- Partially Recovered
On March 5, 2021, PAID Network's deployer/mint key was compromised and used to re-mint the PAID token, issuing roughly 59 million PAID to attacker addresses. About 2.5M PAID was dumped for ~$3M before the team paused and migrated the token. Nominal minted value was ~$27M+; realized theft ~$3M. PAID fell ~85% and the incident was initially suspected to be an insider rug before being attributed to a key compromise.
What happened
The PAID token contract retained mint authority on a single key. That key was compromised; the attacker minted ~59M PAID and sold ~2.5M into liquidity for ~$3M before the contract was paused and a token migration/snapshot reimbursed holders.
Why it matters
PAID Network is an early, prominent "unlimited mint authority on a single key" incident, and a textbook case of the key-compromise-vs-insider-rug ambiguity (Grand Base, Snowdog). The mitigation is the catalogue's single most-repeated piece of advice: mint authority must be renounced or behind multi-sig + timelock; a single mint key is a loaded weapon pointed at every holder, whether the trigger is pulled by a thief or the founder. The migration/snapshot recovery also previews the standard token-issuer remediation later used by PlayDapp and others.
Sources & on-chain evidence
- [01]halborn.comhttps://www.halborn.com/blog/post/explained-the-paid-network-hack-march-2021
- [02]altcoinbuzz.iohttps://www.altcoinbuzz.io/finance-and-funding/real-exploit-or-rug-pull-paid-network-attack/
- [03]rekt.newshttps://rekt.news/paid-rekt