ParaSwap, a decentralized exchange aggregator that provides the best prices over multiple DEXs on the Ethereum blockchain, has today confirmed it is investigating a possible private key hack. The exploit was brought to the attention of ParaSwap early today by Blockchain security firm Supremacy Inc. through a tweet thread.
The Supermacy warning read: “Your deployer address private key may have been compromised (possibly due to Profanity vulnerability). Funds have been stolen on multiple chains.”
Are you looking for fast-news, hot-tips and market analysis? Sign-up for the Invezz newsletter, today.
ParaSwap investigating the issue
In a quick response to the posts by Supermacy ParaSwap team confirmed that it was looking into the issue saying:
“We’re investigating, but the address has no power after the deployment. Just paid the gas and retired. Profanity addresses usually have trailing zeros.”
Supermacy had included an Etherscan link to ParaSwap’s deployer contract address showing that someone accessed the aggregator’s private key and made several transactions on Fantom (FTM/USD), BNB Chain (BNB/USD), and Ethereum (ETH/USD). The transactions show that the hacker only transferred a few hundred dollars in each of the transactions.
While ParaSwap did not confirm the transaction, it did not deny any of the vulnerabilities as stated by Supermacy.
Later after confirming it was investigating the possible attack, ParaSwap in a follow-up tweet reported not finding any sign of an exploit on its deployer address. The tweet read:
“No vulnerability found! We’ll follow up with analysis & an explanation of what’s a deployer address and how we made sure they have no power at all!”
Invest in crypto, stocks, ETFs & more in minutes with our preferred broker, eToro.
10/10
68% of retail CFD accounts lose money