Supremacy Inc., a blockchain analytics and security firm, has stated that there may have been a breach due to a “profanity vulnerability” in ParaSwap, resulting in lost of funds in numerous chains plugged to the protocol. ParaSwap is a decentralized exchange aggregator that offers the best pricing across several DEXes on the Ethereum blockchain.
The Potential Breach
Supremacy Inc provided an Etherscan link to the deployer contract address of ParaSwap. The wallet’s transactional history reveals that someone who had access to its private key earlier today performed several transfers between Ethereum, BNB Chain, and Fantom, even though they only extracted a small sum in each trade. Interestingly, neither the ParaSwap team’s answer nor its denial of any weakness stated that it had made the operations.
Several cryptocurrency enthusiasts commented on it shortly after Supremacy Inc.’s post went up. According to UpOnly co-host Cobie, the disputed 2021 token airdrop by ParaSwap, which employed a rigorous distribution strategy that left out many devoted users, is “still not as awful PR as the airdrop,” following the airdrop, PSP struggled and never fully recovered.
ParaSwap: There Was No Profanity Compromise
The Ethereum vanity address generator profanity chooses one of the 4 billion seed private keys randomly. The tool also generates public keys from these private keys, incrementing them continuously until they reach the desired vanity address. Earlier last year, it experienced a vulnerability that left money stored in profanity wallets open to theft. In response to the claim made by Supremacy Inc., ParaSwap tweeted:
“We’re investigating, but the address has no authority after the deployment. After paying for the petrol, I retired. Typically, profanity addresses end in zeros……This is merely a retired deployer address with no power at all.”
The community got a notification in the form of a tweet from ParaSwap that no vulnerabilities had been discovered, which is important to note.
Additionally, it urged readers to investigate the facts and disregard all other sources. Additionally, ParaSwap said it would follow up with an analysis and an understanding of what a deployer ip is and how they ensured they had no power.
ParaSwap’s Dedication To Its Users
The ParaSwap DEX aggregator protocol issued PSP, its token, on the Ethereum blockchain on November 15th, 2021. The company planned to airdrop 150 million PSP tokens to reward its early adopters.
Approximately 20,000 of ParaSwap’s early customers who had stayed active on the site since its launch will get 7.5 per cent (150 million PSP) of the token’s total supply of two billion, as stated in the company’s announcement.
The 12-person core team would receive 17.6% of the tokens, while 5% would be set aside for potential team members, 14% would go to startup shareholders, reserves would retain 10%, and 51% would stay in the network.
Less than a month ago, crypto market maker Wintermute lost $160M worth of cryptocurrencies in a vulnerable private key hack. Wintermute used a ‘Profanity vanity private address key generator, which blockchain security solutions provider Certik believe was the fire that fueled the money loss.