ParaSwap Initiates Crypto Refunds Following Critical Smart Contract Discovery


On March 24, ParaSwap, a decentralized finance (DeFi) aggregator, announced the commencement of returning crypto assets to users after taking crucial measures to curtail a bug in its recently launched Augustus v6 smart contract.

The DeFi platform took swift action after discovering the bug, revoking all permissions granted to Augustus v6 to ensure the safety of user funds.

ParaSwap Urges Users to Revoke Permissions to Augustus v6

ParaSwap revealed in an X (formerly Twitter) post that it had refunded assets to users who had revoked permissions from the Augustus v6 smart contract.

In this context, revoking means withdrawing the permission a wallet previously granted to a smart contract, which prevents the contract from accessing the user's wallet and tokens. Once the permission is revoked, the contract can no longer be used to execute transactions on the blockchain that move that user's tokens.

Although the majority of users have had their assets returned, ParaSwap has identified 213 addresses that remain vulnerable because they still grant permissions to the Augustus v6 smart contract.

The DeFi platform has urged the owners of these wallet addresses to take immediate action to safeguard their assets by revoking permissions.

https://x.com/paraswap/status/1771189871865909418?s=20

ParaSwap's Augustus v6 contract went live on March 18 with the aim of improving asset swapping and reducing gas fees, but the launched contract contained a critical vulnerability that allowed hackers to drain funds when connected.

https://x.com/paraswap/status/1770313086072742263?s=20

The aggregator had to collaborate with white hat hackers to detect the smart contract vulnerability, prevent significant losses, and recover assets.

White hat hackers, also known as ethical hackers, are professionals who help platforms identify critical compromises on launched products or ecosystems.

Meanwhile, it was revealed that the hacker had stolen about $24,000 before ParaSwap could discover the attack.

Further investigation showed that 386 addresses were affected by the bug, which led the DeFi protocol to urge victims to report any loss of funds that might have gone unidentified during the initial investigation stages.

ParaSwap identified 386 wallets compromised by the Augustus v6 smart contract bug

In addition, the protocol has deactivated its support of the flawed v6 contract on its blockchain and reverted to using v5.

 

ParaSwap Collaborates with Security Firms & Sets Deadline for Legal Pursuit

In its decision to get to the root of the attack, ParaSwap has also announced the submission of a comprehensive report to relevant authorities to begin a detailed investigation into the bug incident and stolen funds.

The protocol also disclosed that it is partnering with blockchain analytics and security firms Chainalysis and TRM Labs to identify the hackers' addresses and the funds' movements.

ParaSwap further stated that it had contacted identified hacker addresses through on-chain messaging and advised that the stolen funds should be returned on or before March 27, 2024, 23:00 UTC.

ParaSwap’s message to the identified hacker’s address

If the hacker does not respond to ParaSwap's message by the deadline, the protocol plans to explore all available legal avenues to recover the stolen funds.

TradFi vs. DeFi: In-Depth Insight on Security

In a broader view, DeFi can be termed “nascent” compared to traditional finance (TradFi). New protocols for infrastructure and utility solutions seem to come up every week.

However, the need for rapid innovation and user-centric solutions has overshadowed security concerns as a long list of platforms have struggled to keep up with the fast-paced industry.

According to the Chainalysis crypto crime report for 2023, DeFi protocols accounted for 82.1% of all crypto assets stolen by hackers, which totaled $3.1 billion – up from 73.3% in 2021.

Chainalysis report highlights that DeFi accounted for 82.1% of assets stolen by hackers in 2022.

Interestingly, 64% came from cross-chain bridge protocols within the DeFi sector, where ParaSwap belongs. The protocol facilitates trading across multiple chains by acting as a DeFi aggregator, which pulls liquidity from various sources.

Author: Jimmy Aki