Blockchain security company Supremacy Inc. has tweeted that DeFi aggregator ParaSwap may have been compromised, leading to multiple chains’ stolen funds. The exploit may be a result of a profanity vulnerability.
Updated 11 Oct., 10:00UTC: ParaSwap have denied any vulnerability and have said they will release a fuller explanation later.
The ParaSwap team did offer an update saying that it was investigating the issue but that the address has no power after the deployment.
Supremacy said that the deployer’s address is associated with multiple multi-sign wallets. It recommended to ParaSwap that it ensure that other multi-sign addresses are not generated by profanity.
This post will be updated as the story develops.