Ad
News
ParaSwap debunks claims of susceptibility to profanity address vulnerability ParaSwap debunks claims of susceptibility to profanity address vulnerability

ParaSwap debunks claims of susceptibility to profanity address vulnerability

Two blockchain security company had stated that Paraswap's deployer address might be susceptible to a pronaity vulnerability.

ParaSwap debunks claims of susceptibility to profanity address vulnerability

Cover art/illustration via CryptoSlate. Image includes combined content which may include AI-generated content.

Join Japan's Web3 Evolution Today

Multichain DeFi aggregator, ParaSwap has debunked claims that it suffered an exploit today, saying the suspected address had no power after deployment.

Supremacy raised alarm of profanity vulnerability

Blockchain security company Supremacy Inc. claimed that Paraswap’s deployer address private key might have been compromised due to a profanity exploit, adding that “funds have been stolen on multiple chains.” The firm continued, “the deployer’s address is associated with multiple multi-sign wallets.”

An Etherscan link attached to the tweets showed a transfer of 0.4320 ETH ($555.32) to another address tagged QANplatform Bridge Exploiter 2.

Another blockchain security firm BlockSec confirmed that ParaSwap’s and Curve Finance deployer’s addresses were vulnerable to the Profanity vulnerability.

ParaSwap debunks exploit claims

ParaSwap’s investigation into Supremacy revealed that it had “no vulnerability.” According to the DeFi platform, the address “paid the gas and retired,” adding that “Profanity addresses usually have trailing zeros.”

The firm also stated that it would “follow up with analysis & an explanation of what’s a deployer address and how we made sure they have no power at all!”

Curve Finance rehashed ParaSwap’s statement, saying, “both are throwaway deployers, they control nothing. So no reason to worry there.”

Meanwhile, the ParaSwap team’s prompt response to the situation attracted praise from the crypto community.

Profanity address vulnerability

Several crypto projects using Vanity addresses have lost millions to the Profanity vulnerability since it was identified in September by 1inch. Malicious players could recover private keys of any vanity address generated with Profanity.

Reports have revealed how bad actors have used the vulnerability to hack several crypto projects. Crypto market maker Wintermute lost over $160 million to the profanity address vulnerability.

Posted In: DeFi