ParaSwap took the initiative to refund cryptocurrency to its users after uncovering a critical bug in its smart contract.
Last week, ParaSwap identified a critical vulnerability in the AugustusV6 smart contract. Since then, the exchange has returned assets to users who revoked their permissions for the affected contract.
The decentralized finance (DeFi) aggregator ParaSwap began returning cryptocurrency to users after fixing a serious bug in the recently launched AugustusV6 smart contract.
In a statement on X on March 24, the ParaSwap team announced that all assets have been returned to wallets that were successfully recovered by white hat hackers. The team also revoked permissions for the AugustusV6 smart contract.
The ParaSwap team also noted that as of March 24, 213 addresses had not revoked their allowances to the affected contract.
When a user revokes a smart contract, they essentially deactivate the contract’s functionality on the blockchain and prevent it from accessing the user’s wallet and tokens.
Last week, ParaSwap discovered a flaw in a recently launched smart contract. Thankfully, white hat hackers intervened and prevented a significant loss of assets from the platform.
In addition to addressing the security vulnerability, the ParaSwap team reported the incident to the relevant authorities to investigate the stolen funds.
ParaSwap has also established a close partnership with blockchain analytics and security companies, such as Chainalysis and TRM Labs, to actively pursue the identification of hacker addresses and track the movement of the funds.
In addition to tracing the stolen funds, the ParaSwap team reached out to the identified hacker addresses via on-chain messaging, urging them to return the user funds.
If the hacker did not respond by March 27, “we assumed you appropriated the funds with unlawful intent, and we pursued all criminal, legal, and administrative avenues” to recover them, it added.
According to the findings at the time, the hackers managed to steal only $24,000 before detecting the vulnerability, so the total losses were relatively small.
The vulnerability was discovered in the recently launched AugustusV6 smart contract, only two days after it went live on March 18. The smart contract is intended to improve token swaps and reduce transfer fees.
After detecting the security flaw, ParaSwap halted the API and secured the funds via a white hat hack.
Read also: Ethereum Foundation alongside zkSync allocates $900K for ZK Layer 2 development
