ParaSwap debunks claims of susceptibility to profanity address vulnerability
ParaSwap, a multi-chain DeFi aggregator, has debunked claims it was exploited today, saying suspicious addresses had no power after deployment.
✅ No vulnerabilities found! FACT CHECK & DON’T TRUST, VERIFY!
Follow up with analysis and explanation of what the deployer addresses are and how we ensured they were not powered at all! https://t.co/uQKVncMZof
— Paraswap (@paraswap) October 11, 2022
Supremacy issues a Profanity vulnerability warning
Blockchain security firm Supremacy Inc. claimed that the private key to ParaSwap’s deployer addresses may have been compromised through the Profanity vulnerability, adding that “funds were stolen on multiple chains.” “Deployer addresses are associated with multiple multisignature wallets,” the company continued.
1/ Hello @paraswap, did you hear that you want to see this? The private key of the deployer’s address may have been compromised (probably due to a Profanity vulnerability) and funds stolen on multiple chains. https://t.co/ijHaTwAj0l
— Supremacy Inc. (@Supremacy_CA) October 11, 2022
An Etherscan link attached to the tweet shows that 0.4320 ETH ($555.32) was sent to another address tagged as QANplatform Bridge Exploiter 2.
BlockSec, another blockchain security company, has confirmed that the ParaSwap and Curve Finance deployer addresses are vulnerable to the Profanity vulnerability.
1/ confirmed both @paraswap Deployer address (0x490ce4616672e93b1c8f5e43aa80312fd73dee8c) and @curve Deployer address (0x07a3458ad662fbcdd4fca0b1b37be6a5b1bcd7ac) is vulnerable to a Profanity vulnerability. Private keys can be recovered. https://t.co/APRXSt1gJh
— BlockSec (@BlockSecTeam) October 11, 2022
ParaSwap Debunks Exploit Claims
ParaSwap looked into Supremacy’s claim and found it was “not vulnerable.” The DeFi platform said the address was “paid gas and retired,” adding that “profane addresses usually have a trailing zero.”
The company also said it would “follow up with an analysis and explanation of what the deployer’s addresses are and how they confirmed they had no power at all.”
Curve Finance echoed the ParaSwap statement, saying: “Both are disposable expanders and you have no control over anything. So no worries there.”
Meanwhile, the ParaSwap team’s quick response to the situation garnered praise from the crypto community.
great response from @paraswap Concerns about possible profanity exploits.
🙏 Thanks for the quick update 🤝 https://t.co/uwP2jYpTRm pic.twitter.com/FePteO75uC
— Crypto Condom (@crypto_condom) October 11, 2022
Profanity Address Vulnerability
Several crypto projects that use vanity addresses have lost millions of dollars to the Profanity vulnerability since it was identified by 1inch in September. A malicious actor can recover the private key for any vanity address generated with Profanity.
Reports have revealed that malicious actors have used the vulnerability to hack several crypto projects. Crypto market maker Wintermute lost over $160 million due to the Profanity address vulnerability.