ParaSwap Might Have Been Exploited: Says Web3 Security Firm

Last Updated:
ParaSwap Might Have Been Exploited: Says Web3 Security Firm
  • A web3 security firm posted on Twitter that ParaSwap’s deployer address private key may have been hacked.
  • ParaSwap replied that they’re investigating.
  • The aggregator said it found no vulnerabilities or exploits and was going to release more info soon.

Supremacy, a Web3 security firm, has taken to Twitter to warn the decentralized exchanges (DEX) aggregator ParaSwap that its private key for deployer address may have been hacked. The post added that this is perhaps as a result of the Profanity vulnerability and that assets have been stolen across numerous chains. Along with the post, the firm added a link to the transaction detail.

The security company said in their statement that the deployer’s address is connected to many multi-sign wallets, adding that they are looking for it.

Furthermore, Supremacy adds that they may be able to work together with ParaSwap in order to remedy the issue. The security firm also pleaded with ParaSwap to make sure that none of their other multi-sign addresses were produced by using profanity. Otherwise, there could be vulnerabilities in multi-sign wallets.

ParaSwap replied to the post saying:

We’re investigating, but the address has no power after the deployment. Just paid the gas and retired. Profanity addresses usually have trailing zeros.

Some few minutes later, the aggregator said that there was no vulnerability discovered and urged users to always examine the facts and verify any information before trusting it.

Additionally, ParaSwap said that they would do more research and provide an explanation of what a deployer address is. They also added that they will explain how they ensured that the deployer had no authority at all.

ParaSwap is a decentralized exchange aggregator with the proclaimed mission to increase the number of people using DeFi by providing safe, smart, and optimal trading solutions that allow both retail and institutional investors to access various liquidity pools without much effort.

Disclaimer: The information presented in this article is for informational and educational purposes only. The article does not constitute financial advice or advice of any kind. Coin Edition is not responsible for any losses incurred as a result of the utilization of content, products, or services mentioned. Readers are advised to exercise caution before taking any action related to the company.