ParaSwap Resolves Vulnerability in Newly-Launched Smart Contract, Returns Crypto Assets to Users

Ruholamin Haqshanas

Decentralized finance aggregator ParaSwap has addressed a critical vulnerability in its recently launched Augustus v6 smart contract and has commenced the process of returning cryptocurrency assets to affected users. 

In a recent post on X, the team said that all assets successfully recovered by white hat hackers have been returned to the affected wallets.

Additionally, permissions to the Augustus v6 contract have been revoked to prevent further exploitation.

213 Addresses Yet to Receive Funds


While the majority of users have had their assets returned, ParaSwap has identified 213 addresses that have yet to revoke allowances to the flawed contract. 

Revoking an allowance withdraws the spending permission a wallet previously granted to the contract on the blockchain, ensuring the contract no longer has access to users’ wallets and tokens.

If you “have not received them yet, your wallet is still vulnerable, PLEASE REVOKE ALL RELEVANT PERMISSIONS!” they wrote.
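What revoking looks like at the transaction level, as an added example that is not ParaSwap's code: it builds the standard ERC-20 `allowance(owner, spender)` query and the `approve(spender, 0)` call that resets a grant, then lists which tokens still need a revoke. All addresses and return values are constructed, `SPENDER` is a placeholder for the flawed contract's address (which this article does not give), and the tokens are assumed to be standard ERC-20 contracts.

```python
# Added example: every address below is constructed for illustration.
ALLOWANCE_SELECTOR = "dd62ed3e"  # ERC-20 allowance(address,address)
APPROVE_SELECTOR = "095ea7b3"    # ERC-20 approve(address,uint256)

def _strip0x(value: str) -> str:
    value = value.lower()
    return value[2:] if value.startswith("0x") else value

def _address_word(addr: str) -> str:
    """ABI-encode a 20-byte address as a left-padded 32-byte word (hex)."""
    h = _strip0x(addr)
    if len(h) != 40 or any(c not in "0123456789abcdef" for c in h):
        raise ValueError(f"not a 20-byte hex address: {addr!r}")
    return h.rjust(64, "0")

def allowance_calldata(owner: str, spender: str) -> str:
    """Calldata for a read-only eth_call asking what `spender` may still spend."""
    return "0x" + ALLOWANCE_SELECTOR + _address_word(owner) + _address_word(spender)

def revoke_calldata(spender: str) -> str:
    """Calldata for approve(spender, 0), which resets the allowance to zero."""
    return "0x" + APPROVE_SELECTOR + _address_word(spender) + "0" * 64

def decode_allowance(result_hex: str) -> int:
    """Decode the uint256 returned by allowance(); reject empty or short replies."""
    h = _strip0x(result_hex)
    if len(h) != 64:
        raise ValueError(f"unexpected allowance() return data: {result_hex!r}")
    return int(h, 16)

def revocations_needed(owner: str, spender: str, results: dict) -> list:
    """results maps token address -> eth_call return data for allowance(owner, spender).
    Returns one unsigned revoke transaction per token with a non-zero allowance."""
    return [
        {"from": owner, "to": token, "value": "0x0", "data": revoke_calldata(spender)}
        for token, ret in results.items()
        if decode_allowance(ret) > 0
    ]

OWNER = "0x" + "11" * 20      # constructed wallet address
SPENDER = "0x" + "aa" * 20    # placeholder for the flawed contract's address
SAMPLE_RESULTS = {            # constructed eth_call results, keyed by token address
    "0x" + "01" * 20: "0x" + "f" * 64,                             # unlimited approval
    "0x" + "02" * 20: "0x" + "0" * 64,                             # already revoked
    "0x" + "03" * 20: "0x" + hex(5 * 10**18)[2:].rjust(64, "0"),   # finite approval
}

if __name__ == "__main__":
    for tx in revocations_needed(OWNER, SPENDER, SAMPLE_RESULTS):
        print(tx["to"], tx["data"])
```

The revoke transaction is sent to each token contract, not to the flawed contract, and must be signed by the wallet that granted the allowance.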

The vulnerability in the newly launched smart contract was discovered by ParaSwap last week. 

Thanks to the timely intervention of white hat hackers, a significant loss of assets was prevented. 

The platform promptly took action by submitting a comprehensive report to the appropriate authorities, initiating an investigation into the stolen funds.

ParaSwap is working closely with blockchain analytics and security firms, Chainalysis and TRM Labs, in an effort to identify the hacker addresses and trace the movement of the funds. 

The team has also reached out to the identified hacker addresses through on-chain messaging, urging the return of the stolen user funds.

If the hacker fails to respond by March 27, ParaSwap will assume that the funds have been unlawfully appropriated, and they will pursue all available legal avenues to recover them.

Initially, the losses incurred were relatively small, with preliminary findings indicating that the hackers managed to abscond with only $24,000 before the vulnerability was discovered.

The vulnerability was detected in ParaSwap’s Augustus v6 smart contract on March 20, just days after its launch on March 18.

The contract aimed to enhance token swaps and reduce transfer fees.

Upon discovering the vulnerability, ParaSwap promptly paused the application programming interface (API) and secured the funds with the assistance of white hat hackers.

Hacks Continue to Haunt Crypto Industry


Hacks and exploits have become a mounting concern in the crypto industry, particularly within the realm of decentralized finance (DeFi) applications. 

According to a report by Immunefi, a total of $1.8 billion was lost to crypto hacks and scams in 2023, with 17% of the losses attributed to the North Korean Lazarus Group. 

In individual incidents, hacking accounted for over $65 million (97.54%) of the stolen funds in February 2024.

As reported, bad actors have stolen $38.9 million from various Web3 projects in the first month of 2024.

One of the first major crypto hacks of the year occurred when Radiant Capital experienced a $4.5 million loss due to an empty market exploit.

Gamma Strategies, another affected platform, fell victim to a flash loan attack on January 4, shortly after the Radiant Capital incident.