The decentralized exchange liquidity aggregator ParaSwap has commenced the process of reimbursing users after addressing a critical vulnerability in its newly launched smart contract, Augustus v6.
White hack recovery update: Assets have been returned to wallets which have revoked their permissions
If your wallet had assets transferred to 0x66e90d840d7c4f3473e25dd8ca361747058c6db0 and have not received them yet, your wallet is still vulnerable, PLEASE REVOKE ALL RELEVANT… https://t.co/zraj3tSFNe
— ParaSwap (@paraswap) March 24, 2024
According to the platform, 213 addresses have yet to revoke permissions.
On March 20, the ParaSwap team announced that they had discovered a vulnerability in the smart contract but responded promptly to the incident.
⚠️ We discovered a critical vulnerability affecting users who approved the Augustus V6 contract.
We took immediate action by pausing the V6 API and conducting a white hack that secured funds for users who were at risk. These funds are now securely held in a Safe Wallet…
— ParaSwap (@paraswap) March 20, 2024
“We took immediate action by pausing the V6 API and conducting a white hack that secured funds for users who were at risk. These funds are now securely held in a safe wallet,” stated representatives of the liquidity aggregator.
ParaSwap reported collaborating with law enforcement agencies. The project team added that they initiated contact to identify hacker addresses, urging the return of stolen funds.
If the hacker does not respond by March 27, ParaSwap will “use all criminal, legal, and administrative means” to recover the assets.
The damage was not substantial due to the developers’ swift response, with several users collectively losing about $24,000.
Experts at Immunefi estimated the damage to cryptocurrency projects from hacks and scams in February at $67 million.
In March, the DeFi protocol Mozaic Finance lost $2 million in a hacking attack.
The decentralized exchange WOOFi reported a theft of $8.75 million following an exploit of its swap service in the Arbitrum L2 network.