The decentralized finance (DeFi) aggregator ParaSwap has taken a significant step towards compensating victims of a recent hack by agreeing to use funds from its treasury. The ParaSwap decentralized autonomous organization (DAO) proposed the idea of refunding victims of the AugustusV6 contract vulnerability using treasury funds on April 4. After a three-day voting period, 96.81% of ParaSwap voters supported the DAO’s proposal.
The AugustusV6 contract, which was briefly live on March 18, was designed to enhance swapping efficiency and reduce gas fees. However, a critical vulnerability in the contract allowed hackers to drain funds from users who had approved the upgrade. While a quick rollback prevented a loss of $3.4 million in assets, approximately $864,000 worth of assets were still lost in the process.
ParaSwap worked closely with blockchain analytics and security firms Chainalysis and TRM Labs to identify the hacker addresses and track the movement of the funds. The ParaSwap Foundation announced that it would cover the remaining costs associated with the vulnerability, including refunds, engaging security analysts, conducting thorough contract re-audits, communicating with authorities, and executing the refund process.
On April 4, ParaSwap revealed that approximately $500,000 worth of assets had been recovered. This recovery significantly reduced the amount of funds still unaccounted for, which included users who had been drained after depositing into a compromised account.
Providing full refunds to affected users is seen as a crucial step towards ParaSwap’s long-term sustainability. Data from blockchain security firm PeckShield showed that nearly $100 million in digital assets stolen in March hacks had been recovered, with 52.8% of the hacked funds returned. Most of the recovered funds were from a security incident involving the nonfungible token (NFT) game based on the Blast network called Munchables.
ParaSwap’s decision to compensate hack victims using treasury funds demonstrates a commitment to protecting its users and maintaining trust within the DeFi community. The recovery of stolen assets and the ongoing efforts to enhance security measures are positive steps towards safeguarding the platform and its users from future vulnerabilities.