ParaSwap resolves Augustus V6 contract bug, begins returning crypto to users
ParaSwap, a decentralized finance aggregator, has started returning crypto to users after fixing a critical vulnerability in its Augustus v6 smart contract identified last week.
The smart contract bug emerged shortly after the contract’s introduction on March 18, aimed at improving swapping efficiency and reducing gas fees. However, the contract contained a critical vulnerability, allowing hackers to drain funds when approved.
The ParaSwap team reported on X on March 24 that all assets recovered by white hat hackers had been returned, and permissions to AugustusV6 were revoked.
The team further noted that 213 addresses have yet to revoke their allowances to the compromised contract.
Revocation of a smart contract generally involves discontinuing or disabling its blockchain operations, which effectively hinders the contract’s capability to retrieve the user’s wallet and tokens.
The vulnerability was first discovered on March 20, with the platform responding by pausing its application programming interface (API) and securing at-risk funds through a white hat hack. The involvement of white hat hackers helped avert massive asset loss.
ParaSwap has since been proactive in addressing the aftermath of the security breach, submitting a detailed report to the relevant authorities to facilitate the investigation of the stolen funds.
“Actively engaged in identifying hacker addresses and tracing the movement of the funds,” ParaSwap states in close collaboration with blockchain analytics and security firms Chainalysis and TRM Labs.
The group also said that they had started talking to the hackers through on-chain messages and urged them to return the stolen user funds.
If there’s no response by March 27, ParaSwap plans to pursue recovery through legal means.
At the time, the losses were allegedly minor, with preliminary data suggesting that the hackers got away with just $24,000 before the vulnerability was identified.
The security of blockchain and DeFi platforms remains hard, as seen by previous breaches outside ParaSwap.
On Feb. 29, Shido’s layer-1 blockchain suffered a security breach, causing its token value to plummet over 90% within 30 minutes. The exploit, reported by PeckShield on X, resulted in the theft of over 4.3 billion Shido tokens, nearly half of its circulating supply.
Another significant security flaw was exploited earlier on Dec. 8, targeting the TIME token and leading to a $188k loss. It involved manipulating the Forwarder contract to execute transactions from a falsified sender address, deceiving the contract’s verification process.
