Multichain DeFi aggregator, ParaSwap has debunked claims that it suffered an exploit today, saying the suspected address had no power after deployment.
✅ No vulnerability found! Please check the facts & Don’t Trust, Verify!
We’ll follow up with analysis & an explanation of what’s a deployer address and how we made sure they have no power at all! https://t.co/uQKVncMZof
— ParaSwap (@paraswap) October 11, 2022
Supremacy raised alarm of profanity vulnerability
Blockchain security company Supremacy Inc. claimed that Paraswap’s deployer address private key might have been compromised due to a profanity exploit, adding that “funds have been stolen on multiple chains.” The firm continued, “the deployer’s address is associated with multiple multi-sign wallets.”
1/ Hi @paraswap ,I heard that you want to see this? your deployer address private key may have been compromised (possibly due to Profanity vulnerability) and funds have been stolen on multiple chains.https://t.co/ijHaTwAj0l
— Supremacy Inc. (@Supremacy_CA) October 11, 2022
An Etherscan link attached to the tweets showed a transfer of 0.4320 ETH ($555.32) to another address tagged QANplatform Bridge Exploiter 2.
Another blockchain security firm BlockSec confirmed that ParaSwap’s and Curve Finance deployer’s addresses were vulnerable to the Profanity vulnerability.
1/ We confirmed that both @paraswap deployer address (0x490ce4616672e93b1c8f5e43aa80312fd73dee8c) and @curve deployer address(0x07a3458ad662fbcdd4fca0b1b37be6a5b1bcd7ac) are vulnerable to the profanity vulnerability. The private keys can be recovered. https://t.co/APRXSt1gJh
— BlockSec (@BlockSecTeam) October 11, 2022
ParaSwap debunks exploit claims
ParaSwap’s investigation into Supremacy revealed that it had “no vulnerability.” According to the DeFi platform, the address “paid the gas and retired,” adding that “Profanity addresses usually have trailing zeros.”
The firm also stated that it would “follow up with analysis & an explanation of what’s a deployer address and how we made sure they have no power at all!”
Curve Finance rehashed ParaSwap’s statement, saying, “both are throwaway deployers, they control nothing. So no reason to worry there.”
Meanwhile, the ParaSwap team’s prompt response to the situation attracted praise from the crypto community.
Great response from @paraswap regarding the concern for a possible Profanity exploit.
?Appreciate the rapid updates ? https://t.co/uwP2jYpTRm pic.twitter.com/FePteO75uC— CryptoCondom (@crypto_condom) October 11, 2022
Profanity address vulnerability
Several crypto projects using Vanity addresses have lost millions to the Profanity vulnerability since it was identified in September by 1inch. Malicious players could recover private keys of any vanity address generated with Profanity.
Reports have revealed how bad actors have used the vulnerability to hack several crypto projects. Crypto market maker Wintermute lost over $160 million to the profanity address vulnerability.
Credit: Source link
Bitcoin 
Ethereum 
Tether 
BNB 
USD Coin 
XRP 
Lido Staked Ether 
Cardano 
Dogecoin 
Solana 
Polygon 
TRON 
Litecoin 
Polkadot 
Binance USD 
Avalanche 
Shiba Inu 
Dai 
Wrapped Bitcoin 
Uniswap 
LEO Token 
Chainlink 
Cosmos Hub 
OKB 
Monero 
Toncoin 
Ethereum Classic 
Stellar 
Bitcoin Cash 
TrueUSD 
Lido DAO 
Internet Computer 
Filecoin 
Quant 
Aptos 
Hedera 
Cronos 
Arbitrum 
NEAR Protocol 
VeChain 
ApeCoin 
The Graph 
Pax Dollar 
Frax 
Algorand 
The Sandbox 
EOS 
MultiversX 
Rocket Pool 
Optimism 