- ParaSwap has started returning funds maliciously drained from users in an exploit last week
- The DeFi platform reimbursed users who had revoked permissions to affected smart contract
- The platform used funds recovered by white hat hackers to make affected users whole
DeFi platform ParaSwap is honoring its commitment to make users whole again after suffering a smart contract exploit last week. The platform used funds recovered by white hat hackers to refund those who had canceled permissions given to the affected smart contract dubbed AugustusV6. ParaSwap disclosed that those that haven’t received funds are yet to revoke permissions to the contract adding that 213 such wallets are “still vulnerable,” meaning that the hacker can still siphon more funds from them.
Ready to Discuss the Next Steps
In an X post, the protocol shared an update noting that it has provided “the appropriate authorities” with a comprehensive report that will help in tracking the malicious actor. It’s also working with blockchain security firms like Chainalysis to trace “the movement of funds.”
Dear ParaSwap community, we are sharing an update on the recent actions taken regarding the V6 vulnerability.
1) We’ve taken the first step by submitting a comprehensive report to the appropriate authorities, kickstarting the investigation into the stolen funds.
2)…
— ParaSwap (@paraswap) March 25, 2024
ParaSwap has identified over 15 hacker addresses with most of them being on Ethereum and Arbitrum networks. In an on-chain message sent to the hacker last week, the DeFi protocol provided a grace period of up to March 27 before involving law enforcement agencies.
The protocol also indicated its willingness to “discuss the next steps” with the hacker which may include offering a bug bounty. Although the hacker initially stole $24,000, this amount has likely increased due to the 213 wallets that are still vulnerable.
SSS Loses $4 Million
ParaSwap’s move comes two days after Blast-based game SSS lost more than $4 million in an exploit. It also comes four months after a French court cleared hackers of any wrongdoing after the exploiters said that they intended to return the funds.
With the ParaSwap hacker having less than a day to return the funds and with $24,000 initially stolen, it’s to be seen whether the protocol will actualize their threat of involving law enforcement agencies.
