ParaSwap confirms it is investigating possible private key exploit

2 years ago 110
private key hack

ParaSwap, a decentralized exchange aggregator that provides the best prices over multiple DEXs on the Ethereum blockchain, has today confirmed it is investigating a possible private key hack. The exploit was brought to the attention of ParaSwap early today by Blockchain security firm Supremacy Inc. through a tweet thread.

The Supermacy warning read: “Your deployer address private key may have been compromised (possibly due to Profanity vulnerability). Funds have been stolen on multiple chains.”

ParaSwap investigating the issue

In a quick response to the posts by Supermacy ParaSwap team confirmed that it was looking into the issue saying:

“We’re investigating, but the address has no power after the deployment. Just paid the gas and retired. Profanity addresses usually have trailing zeros.”

Supermacy had included an Etherscan link to ParaSwap’s deployer contract address showing that someone accessed the aggregator’s private key and made several transactions on Fantom (FTM/USD), BNB Chain (BNB/USD), and Ethereum (ETH/USD). The transactions show that the hacker only transferred a few hundred dollars in each of the transactions.

While ParaSwap did not confirm the transaction, it did not deny any of the vulnerabilities as stated by Supermacy.

Later after confirming it was investigating the possible attack, ParaSwap in a follow-up tweet reported not finding any sign of an exploit on its deployer address. The tweet read:

“No vulnerability found! We’ll follow up with analysis & an explanation of what’s a deployer address and how we made sure they have no power at all!”

The post ParaSwap confirms it is investigating possible private key exploit appeared first on Invezz.

Read Entire Article