- ParaSwap identified a critical flaw in the Augustus V6 contract, resulting in a temporary halt of the V6 API and the initiation of a white-hat operation to secure at-risk funds.
- Four addresses were affected by the vulnerability, leading to a total loss of $24,000.
- The project has announced that it will reimburse all the affected wallets.
DEX aggregator ParaSwap recently identified a critical security issue within the Augustus V6 contract used in approved aggregator smart contracts. The discovery prompted the temporary suspension of the V6 API and the execution of a white-hat attack to secure potentially affected funds.
This preemptive measure ensured that the funds were safeguarded in a secure wallet identifiable by its address beginning with 0x66E90. The company has committed to returning these funds to users shortly and has advised users to revoke permissions for the Augustus V6 contract immediately. The incident has impacted four addresses, leading to a combined loss of $24,000.
The project announced the vulnerability on X, revealing the prompt measures taken to minimize any possible threats to users. ParaSwap’s response included temporarily suspending the impacted API and carrying out a white-hat operation to safeguard users’ assets. The funds obtained through this operation are currently stored in a specifically designated Safe Wallet, awaiting reimbursement to the impacted users.
ParaSwap has also provided users with resources for revoking authorization to the compromised contract and disclosed the addresses that were impacted by the incident. The affected parties are encouraged to contact the organization for assistance, as it has assured them that steps are being taken to reimburse the stolen funds and that more information will be shared when it becomes available.
This recent security hiccup is part of a broader trend of vulnerabilities within the decentralized finance (DeFi) sector. Earlier this month, blockchain analytics firm PeckShield identified an “approve issue” with DeFi platform Unizen, leading to over $2 million in losses. The exploit involved unauthorized approvals from the trade aggregator, prompting a warning for users to revoke such permissions.
Following the incident, SlowMist, a security company, estimated the financial damages to be over $2.1 million. The perpetrator of the attack converted the stolen Tether stablecoin into Dai. Unizen has since pledged to compensate 99% of the affected users promptly.
Further compounding the sector’s security concerns, the Blueberry DeFi protocol fell victim to a hacking incident in February. Users were advised to withdraw their funds, prompting an imminent cessation of operations due to the exploit. Further developments disclosed that a white-hat hacker had successfully recovered and safeguarded the majority of the compromised assets, specifically 366 out of 457 Ethereum. After that, the roughly $1.35 million worth of assets (aside from validator payments) was sent back to the project’s multi-sig wallet.