- ParaSwap has refunded some users affected by a vulnerability in one of its Augustus V6 contract.
- The platform later contacted the hacker and issued an ultimatum.
- It remains unclear how much was stolen following the vulnerability.
Decentralized finance (DeFi) aggregator ParaSwap has commenced returning crypto assets to users recently affected by a critical vulnerability in one of the platform’s newly deployed contracts.
White hack recovery update: Assets have been returned to wallets which have revoked their permissions
If your wallet had assets transferred to 0x66e90d840d7c4f3473e25dd8ca361747058c6db0 and have not received them yet, your wallet is still vulnerable, PLEASE REVOKE ALL RELEVANT… https://t.co/zraj3tSFNe
— ParaSwap (@paraswap) March 24, 2024
On March 20, ParaSwap identified a vulnerability in its Augustus V6 contract, allowing hackers to drain funds from over 386 exposed wallets when approved. The platform paused the contract and conducted a white hack to secure funds for users who were at risk.
See Also: Hacker Behind Phishing Attack On Rocket Pool Transfers $10M To Tornado Cash
ParaSwap Disburses User Funds, Issues Ultimatum to Hacker
According to a recent update on X, ParaSwap has returned crypto assets to wallets that revoked their permissions to the Augustus v6 contract and were successfully recovered by white hat hackers.
A few hours later, the ParaSwap team shared another post detailing its steps to identify the hacker and launch the investigation into the stolen funds.
In addition to submitting a “comprehensive report to the appropriate authorities” and collaborating with Chainalysis and TRM Labs to trace the movement of the funds, ParaSwap initiated contact with the hacker via on-chain messaging, urging them to return the stolen user funds.
The platform advised the hacker to transfer the funds directly to a specific address by March 27 or face serious consequences.
“If we do not hear back from you by Wednesday, March 27, 2024, 23:00 UTC we will assume you appropriated the funds with unlawful intent and we will pursue all criminal, legal, and administrative avenues available for the purpose of recovering the misappropriated funds,” ParaSwap wrote.
Although there is a likelihood that ParaSwap might recover the funds if the hacker heeds the call, it remains unclear how much was exactly stolen.
How Much Was Stolen?
While ParaSwap initially said only four addresses were compromised on March 20 and lost a total of $24,000, blockchain security firm Cyvers reported that the Augustus V6 contract vulnerability resulted in a total loss of $123,500.
🚨UPDATE🚨@paraswap‘s vulnerability resulted in a total loss of $123.5K across $ETH, #POLYGON, and #ARB. #ETH TRX: 0x1de32e063b42cfa8c288810871c080902847ce9e823d48975d67b6702319b3d9#Polygon TRX:
0x1de32e063b42cfa8c288810871c080902847ce9e823d48975d67b6702319b3d9… https://t.co/VX8UgWx6Uw— 🚨 Cyvers Alerts 🚨 (@CyversAlerts) March 20, 2024
Meanwhile, of the 386 addresses exposed to the vulnerability, only 173 have received their funds, and 213 addresses have yet to revoke allowances to the flawed contract. Per ParaSwap, these addresses are still vulnerable and might be exploited.
Disclaimer: The information provided is not trading advice. Bitcoinworld.co.in holds no liability for any investments made based on the information provided on this page. We strongly recommend independent research and/or consultation with a qualified professional before making any investment decisions.
#Binance #WRITE2EARN
Register at Binance