ParaSwap Initiates Crypto Refunds Following Critical Smart Contract Discovery
On March 24, ParaSwap, a decentralized finance (DeFi) aggregator, announced that it had begun returning crypto assets to users after taking crucial measures to contain a bug in its recently launched Augustus v6 smart contract.
The DeFi platform took swift action after discovering the bug, revoking all permissions granted to Augustus v6 to ensure the safety of user funds.
ParaSwap Urges Users to Revoke Permissions to Augustus v6
ParaSwap revealed in an X (formerly Twitter) post that it had refunded assets to users who had revoked permissions from the Augustus v6 smart contract.
White hack recovery update: Assets have been returned to wallets which have revoked their permissions
If your wallet had assets transferred to 0x66e90d840d7c4f3473e25dd8ca361747058c6db0 and have not received them yet, your wallet is still vulnerable, PLEASE REVOKE ALL RELEVANT… https://t.co/zraj3tSFNe
— ParaSwap (@paraswap) March 24, 2024
In this context, revoking means withdrawing the permissions a wallet has granted to a smart contract, which prevents the contract from accessing the user's wallet and tokens. Once the permissions are revoked, the contract can no longer be used to execute transactions against that wallet on the blockchain.
Although the majority of users have had their assets returned, ParaSwap has identified 213 addresses that remain vulnerable because of the permissions they have granted to the Augustus v6 smart contract.
The DeFi platform has urged the owners of these wallet addresses to take immediate action to safeguard their assets by revoking permissions.
https://x.com/paraswap/status/1771189871865909418?s=20
ParaSwap's Augustus v6 contract went live on March 18 with the aim of improving asset swapping and reducing gas fees, but the launched contract contained a critical vulnerability that allowed hackers to drain funds when connected.
https://x.com/paraswap/status/1770313086072742263?s=20
The aggregator had to collaborate with white hat hackers to successfully detect the smart contract vulnerability, prevent significant losses, and recover assets.
White hat hackers, also known as ethical hackers, are professionals who help platforms identify critical compromises on launched products or ecosystems.
Meanwhile, it was revealed that the hacker had stolen about $24,000 before ParaSwap could discover the attack.
Further investigation showed that 386 addresses were affected by the bug, which led the DeFi protocol to urge victims to report any loss of funds that might have gone unidentified during the initial investigation stages.
In addition, the protocol has deactivated its support of the flawed v6 contract on its blockchain and reverted to using v5.
ParaSwap Collaborates with Security Firms & Sets Deadline for Legal Pursuit
In its decision to get to the root of the attack, ParaSwap has also announced the submission of a comprehensive report to relevant authorities to begin a detailed investigation into the bug incident and stolen funds.
Dear ParaSwap community, we are sharing an update on the recent actions taken regarding the V6 vulnerability.
1) We've taken the first step by submitting a comprehensive report to the appropriate authorities, kickstarting the investigation into the stolen funds.
2)…
— ParaSwap (@paraswap) March 25, 2024
The protocol also disclosed that it had partnered with blockchain analytics and security firms Chainalysis and TRM Labs to identify the hackers' addresses and the funds' movements.
ParaSwap further stated that it had contacted identified hacker addresses through on-chain messaging and advised that the stolen funds should be returned on or before March 27, 2024, 23:00 UTC.
If the hacker does respond to ParaSwap’s message after the deadline, the protocol plans to explore all available legal avenues to recover the stolen funds.
TradFi vs. DeFi: In-Depth Insight on Security
In a broader view, DeFi can be termed “nascent” compared to traditional finance (TradFi). New protocols for infrastructure and utility solutions seem to come up every week.
However, the need for rapid innovation and user-centric solutions has overshadowed security concerns as a long list of platforms have struggled to keep up with the fast-paced industry.
According to the Chainalysis crypto crime report for 2023, DeFi protocols accounted for 82.1% of all crypto assets stolen by hackers, which totaled $3.1 billion – up from 73.3% in 2021.
Interestingly, 64% came from cross-chain bridge protocols within the DeFi sector, where ParaSwap belongs. The protocol facilitates trading across multiple chains by acting as a DeFi aggregator, which pulls liquidity from various sources.