ParaSwap debunks claims of susceptibility to profanity address vulnerability
Multichain DeFi aggregator, ParaSwap has debunked claims that it suffered an exploit today, saying the suspected address had no power after deployment.
✅ No vulnerability found! Please check the facts & Don’t Trust, Verify!
We’ll follow up with analysis & an explanation of what’s a deployer address and how we made sure they have no power at all! https://t.co/uQKVncMZof
— ParaSwap (@paraswap) October 11, 2022
Supremacy raised alarm of profanity vulnerability
Blockchain security company Supremacy Inc. claimed that Paraswap’s deployer address private key might have been compromised due to a profanity exploit, adding that “funds have been stolen on multiple chains.” The firm continued, “the deployer’s address is associated with multiple multi-sign wallets.”
1/ Hi @paraswap ,I heard that you want to see this? your deployer address private key may have been compromised (possibly due to Profanity vulnerability) and funds have been stolen on multiple chains.https://t.co/ijHaTwAj0l
— Supremacy Inc. (@Supremacy_CA) October 11, 2022
An Etherscan link attached to the tweets showed a transfer of 0.4320 ETH ($555.32) to another address tagged QANplatform Bridge Exploiter 2.
Another blockchain security firm BlockSec confirmed that ParaSwap’s and Curve Finance deployer’s addresses were vulnerable to the Profanity vulnerability.
1/ We confirmed that both @paraswap deployer address (0x490ce4616672e93b1c8f5e43aa80312fd73dee8c) and @curve deployer address(0x07a3458ad662fbcdd4fca0b1b37be6a5b1bcd7ac) are vulnerable to the profanity vulnerability. The private keys can be recovered. https://t.co/APRXSt1gJh
— BlockSec (@BlockSecTeam) October 11, 2022
ParaSwap debunks exploit claims
ParaSwap’s investigation into Supremacy revealed that it had “no vulnerability.” According to the DeFi platform, the address “paid the gas and retired,” adding that “Profanity addresses usually have trailing zeros.”
The firm also stated that it would “follow up with analysis & an explanation of what’s a deployer address and how we made sure they have no power at all!”
Curve Finance rehashed ParaSwap’s statement, saying, “both are throwaway deployers, they control nothing. So no reason to worry there.”
Meanwhile, the ParaSwap team’s prompt response to the situation attracted praise from the crypto community.
Great response from @paraswap regarding the concern for a possible Profanity exploit.
?Appreciate the rapid updates ? https://t.co/uwP2jYpTRm pic.twitter.com/FePteO75uC— CryptoCondom (@crypto_condom) October 11, 2022
Profanity address vulnerability
Several crypto projects using Vanity addresses have lost millions to the Profanity vulnerability since it was identified in September by 1inch. Malicious players could recover private keys of any vanity address generated with Profanity.
Reports have revealed how bad actors have used the vulnerability to hack several crypto projects. Crypto market maker Wintermute lost over $160 million to the profanity address vulnerability.
»
Bitcoin 
Ethereum 
Tether 
USDC 
Dogecoin 
Cardano 
TRON 
Bitcoin Cash 
Chainlink 
Polygon 
Litecoin 
LEO Token 
Dai 
Ethereum Classic 
Hedera 
Cronos 
Stacks 
Cosmos Hub 
Stellar 
OKB 
Maker 
VeChain 
Monero 
Theta Network 
Algorand 
NEO 
Gate 
KuCoin 
Tezos 
EOS 
Synthetix Network 
IOTA 
Bitcoin Gold 
Tether Gold 
TrueUSD 
Zilliqa 
Enjin Coin 
Holo 
Ravencoin 
0x Protocol 
Siacoin 
Qtum 
Basic Attention 
Dash 
Zcash 
Decred 
NEM 
Ontology 
Lisk 
Waves 
ICON 
DigiByte 
Nano 
Numeraire 
Status 
Pax Dollar 
Hive 
Steem 
Huobi 
OMG Network 
BUSD 
Ren 
Bitcoin Diamond 
Bytom 
Kyber Network Crystal Legacy 
HUSD 
Energi 
Augur 