Decentralized finance (DeFi) aggregator ParaSwap initiated cryptocurrency returns to users one week after patching a critical flaw in its AugustusV6 smart contract introduced just last week.
On March 24, the DeFi platform’s team issued a statement on X confirming that all assets have been returned to wallets that white hat hackers retrieved. Additionally, the statement stated that permissions to AugustusV6 have been revoked.
ParaSwap reports that 213 addresses have yet to revoke allowances for the faulty contract.
Typically, invoking a smart contract entails preventing it from accessing the user’s wallet and tokens and disabling or terminating its functionality on a blockchain.
A week ago, ParaSwap disclosed that it had identified a flaw in a newly launched smart contract; however, the platform averted a significant loss of assets due to the prompt intervention of white hat hackers.
The group announced in a separate update that it had initiated the investigation into the misappropriated funds by submitting a thorough report to the relevant authorities.
“Actively engaged in identifying hacker addresses and tracing the movement of the funds,” ParaSwap states in close collaboration with blockchain analytics and security firms Chainalysis and TRM Labs.
The group further stated that they had employed on-chain messaging to establish communication with the identified malware addresses to obtain the return of the stolen user funds.
It added that “we will assume you unlawfully appropriated the funds and pursue all criminal, legal, and administrative avenues” to recover them if the hacker does not respond by March 27.
Preliminary investigations revealed that the hackers escaped unscathed with a mere $24,000 at the time, indicating that the financial losses were purportedly minimal.
ParaSwap identified the susceptibility in its recently introduced AugustusV6 smart contract on March 20, mere days after the Augustus contract commenced operations on March 18, to enhance token exchanges and diminish transfer charges.
After discovering the breach, the platform halted the application programming interface (API) and utilized a white hat attack to recover the funds.