ParaSwap, a decentralized finance aggregator, has swiftly responded to a critical vulnerability discovered in its newly rolled out Augustus v6 smart contract. The team has taken immediate action to rectify the issue and has initiated the process of reimbursing cryptocurrency assets to impacted users.
According to a recent announcement on X, ParaSwap has confirmed that all assets recovered by ethical hackers have been returned to the identified wallets. Furthermore, as a preventive measure, permissions to the Augustus v6 contract have been revoked to mitigate any further exploitation attempts.
213 Addresses Yet to Receive Funds
While the majority of users have successfully had their assets returned, ParaSwap has identified 213 addresses that still need to revoke allowances to the compromised contract.
Revoking allowances entails disabling or terminating the contract’s access to users’ wallets and tokens on the blockchain, ensuring their security.
“If your wallet has not received the assets yet, it remains vulnerable. PLEASE REVOKE ALL RELEVANT PERMISSIONS!” they emphasized.
The vulnerability in the recently launched smart contract was detected by ParaSwap last week. Thanks to the prompt action of ethical hackers, a significant asset loss was averted.
The platform immediately submitted a detailed report to the appropriate authorities, initiating an investigation into the stolen funds.
ParaSwap is collaborating closely with blockchain analytics and security firms such as Chainalysis and TRM Labs to identify the hacker addresses and track the movement of the funds.
The team has taken further steps by reaching out to the identified hacker addresses using on-chain messaging, urging the return of the pilfered user funds.
Should the hacker fail to respond by March 27, ParaSwap will interpret this as an illicit appropriation of the funds. In such a scenario, they will pursue all available legal avenues to reclaim them.
The losses were relatively minor, with initial estimates suggesting that the hackers managed to abscond with only $24,000 before the vulnerability was uncovered.
The vulnerability in ParaSwap’s Augustus v6 smart contract was detected on March 20, just days after its launch on March 18. The contract was designed to optimize token swaps and diminish transfer fees.
Upon uncovering the vulnerability, ParaSwap promptly halted the application programming interface (API) and safeguarded the funds with the assistance of ethical hackers.
Hacks Continue to Haunt Crypto Industry
Concerns surrounding hacks and exploits have been escalating within the crypto industry, particularly within the decentralized finance (DeFi) sector.
According to a report by Immunefi, a staggering $1.8 billion was lost to crypto hacks and scams in 2023, with 17% of these losses attributed to the North Korean Lazarus Group.
Individual incidents highlight the severity of the issue, with hacking accounting for over $65 million (97.54% of stolen funds) in February 2024 alone.
In the first month of 2024, bad actors managed to steal $38.9 million from various Web3 projects.
One notable early crypto hack of the year unfolded when Radiant Capital suffered a $4.5 million loss due to an empty market exploit.
Shortly after the Radiant Capital incident, Gamma Strategies became another victim, falling prey to a flash loan attack on January 4.