Decentralized finance aggregator ParaSwap has begun returning cryptocurrency to users after addressing a critical vulnerability in its recently launched Augustus v6 smart contract last week.
The DeFi platform’s team posted on X on March 24, stating that they had returned all assets to wallets successfully recovered by white hat hackers and revoked permissions for AugustusV6.
According to ParaSwap, 213 addresses have yet to revoke permissions for the incorrect contract.
White hack recovery update: Assets have been returned to wallets which have revoked their permissions
If your wallet had assets transferred to 0x66e90d840d7c4f3473e25dd8ca361747058c6db0 and have not received them yet, your wallet is still vulnerable, PLEASE REVOKE ALL RELEVANT… https://t.co/zraj3tSFNe
— ParaSwap (@paraswap) March 24, 2024
Revoking a smart contract typically involves disabling or terminating its functionality on the blockchain, preventing access to the user’s wallet and tokens.
Last week, ParaSwap announced that it had discovered a vulnerability in the recently launched smart contract, but timely intervention by white hat hackers prevented a major loss of assets from the platform.
In a separate update, the team stated that they had taken the first step by providing a comprehensive report to relevant authorities, initiating an investigation into the stolen funds.
ParaSwap is closely collaborating with blockchain analytics and security firms Chainalysis and TRM Labs and is “actively identifying hacker addresses and tracking fund movements.”
The team added that they had initiated contact with identified hacker addresses through network messaging, urging them to return users’ stolen funds.
If the hacker does not respond by March 27, “we will assume that you have appropriated the funds with unlawful intent and we will pursue all criminal, legal, and administrative avenues” to recover them, it added.
Meanwhile, reported losses were minor, with initial findings showing that hackers made off with just $24,000 before the vulnerability was discovered.
ParaSwap detected a vulnerability in its recently launched Augustus v6 smart contract on March 20, just a few days after the March 18 launch of the Augustus contract aimed at improving token exchange and reducing transfer fees.
⚠️ We discovered a critical vulnerability affecting users who approved the Augustus V6 contract.
We took immediate action by pausing the V6 API and conducting a white hack that secured funds for users who were at risk. These funds are now securely held in a Safe Wallet…
— ParaSwap (@paraswap) March 20, 2024
The platform suspended its application programming interface (API) interface after detection and secured funds with the help of white hat hacking.