The ParaSwap team announced on social media X that they have revoked permissions for Augustus v6 and returned all assets to affected users. Revoking a smart contract involves deactivating it on the blockchain to prevent access to the user's wallet and tokens. According to ParaSwap, currently 213 addresses have not yet revoked their rights to the defective smart contract.
ParaSwap specialists discovered the vulnerability on March 20, just a few days after the launch of a new version of the smart contract, which was designed to improve the exchange of tokens and reduce transaction fees. Fortunately, the project’s losses turned out to be relatively small: the hackers managed to steal $24,000 worth of crypto assets. After detecting the attack, the platform suspended the API and ensured the security of funds with the help of white hat hackers.
To investigate the incident, ParaSwap is working closely with analytical companies Chainalysis and TRM Labs, which helped track the movement of funds and identify the addresses of the attackers. The ParaSwap team said it attempted to contact the hackers by sending them online messages urging them to return the stolen funds. The developers warned that if the hackers do not respond by March 27, they will be considered to have embezzled other people's money. Therefore, all criminal, legal and administrative measures will be taken against attackers.
Let us recall that recently the Seneca protocol was also attacked due to the vulnerability of the smart contract, but its losses were much more serious - the protocol lost $6.4 million worth of ether. The hacker returned 80% of the stolen altcoins.