Supremacy Inc., a blockchain security company, stated that ParaSwap may have been the victim of an attack via a Twitter storm on Tuesday.
1/ Hi @paraswap ,I heard that you want to see this? your deployer address private key may have been compromised (possibly due to Profanity vulnerability) and funds have been stolen on multiple chains.https://t.co/ijHaTwAj0l
— Supremacy Inc. (@Supremacy_CA) October 11, 2022
Rapidly responding to the posts, ParaSwap said it was investigating the situation. But after the deployment, the address is without electricity. Paid for the petrol and retired. Typical profanity addresses end with zeros.
Supremacy Inc. provided an Etherscan link to the deployer contract address of ParaSwap. The wallet’s transaction history reveals that earlier this morning, someone with access to its private key made many transactions across BNB Chain, Ethereum, and Fantom. Still, each withdrawal was for only a few hundred dollars. Notably, the ParaSwap team neither confirmed nor denied the existence of a vulnerability.
Some crypto community members responded to Supremacy Inc.’s post quickly after its publication. “Still not as bad PR as the airdrop,” added UpOnly co-host Cobie, referencing ParaSwap’s disputed 2021 token airdrop, which excluded many loyal users due to its stringent distribution scheme. PSP fell quickly after the airdrop and never recovered; according to CoinGecko, it is currently 98.8% below its all-time high.
In a subsequent tweet, ParaSwap stated that it had discovered no indication of an exploit. “No vulnerability found! We’ll follow up with analysis & an explanation of what a deployer address is and how we made sure they have no power!”