ParaSwap 智能合約缺陷：數百萬美元損失？

ParaSwap 是一家去中心化金融聚合商，已解決其 Augustus v6 智能合約中的一個嚴重漏洞，並將加密貨幣返還給受影響的用戶。該漏洞讓駭客流失了資金，而白帽駭客則追回並歸還了被盜資產。 ParaSwap 正在與當局和安全公司合作調查該事件並追蹤被盜資金，並計劃在必要時採取法律行動。

Did ParaSwap's Smart Contract Vulnerability Cost Users Millions?

ParaSwap 的智慧合約漏洞是否導致用戶損失數百萬美元？

ParaSwap, a decentralized finance (DeFi) aggregator, has been scrambling to recover crypto after a critical vulnerability in its Augustus v6 smart contract was discovered last week. The bug, which emerged shortly after the contract's launch on March 18, allowed hackers to drain funds when approved.

ParaSwap 是一家去中心化金融 (DeFi) 聚合商，上週發現其 Augustus v6 智能合約存在嚴重漏洞後，該公司一直在努力恢復加密貨幣。該漏洞在 3 月 18 日合約發布後不久就出現，允許駭客在獲得批准後耗盡資金。

Did White Hat Hackers Save the Day?

白帽駭客拯救了世界嗎？

The ParaSwap team reported on March 24 that all assets recovered by white hat hackers had been returned, and permissions to AugustusV6 were revoked. However, 213 addresses have yet to revoke their allowances to the compromised contract.

ParaSwap團隊3月24日報道稱，白帽駭客追回的所有資產均已歸還，撤銷了AugustusV6的權限。然而，213 個地址尚未撤銷受損合約的許可。

How Can Users Protect Themselves?

使用者如何保護自己？

Revoking a smart contract generally involves discontinuing or disabling its blockchain operations, effectively preventing the contract from retrieving the user's wallet and tokens. ParaSwap has urged users to revoke their permissions immediately.

撤銷智能合約通常涉及停止或停用其區塊鏈操作，有效防止合約取回用戶的錢包和代幣。 ParaSwap 已敦促用戶立即撤銷其權限。

How Did ParaSwap Respond to the Breach?

ParaSwap 如何應對此次洩漏？

Upon discovering the vulnerability on March 20, ParaSwap paused its application programming interface (API) and secured at-risk funds through a white hat hack. The involvement of these hackers helped avert massive asset loss.

3 月 20 日發現該漏洞後，ParaSwap 暫停了其應用程式介面 (API)，並透過白帽駭客攻擊保護了風險資金。這些駭客的參與有助於避免大規模的資產損失。

Is ParaSwap Investigating the Hack?

ParaSwap 正在調查這次駭客攻擊嗎？

ParaSwap has submitted a detailed report to relevant authorities to facilitate the investigation of the stolen funds. They are also "actively engaged in identifying hacker addresses and tracing the movement of the funds" in collaboration with blockchain analytics and security firms Chainalysis and TRM Labs.

ParaSwap 已向相關當局提交了詳細報告，以方便對被盜資金進行調查。他們還與區塊鏈分析和安全公司 Chainaanalysis 和 TRM Labs 合作，「積極參與識別駭客地址並追蹤資金動向」。

Will ParaSwap Pursue Legal Action?

ParaSwap 會採取法律行動嗎？

ParaSwap has given hackers until March 27 to return the stolen user funds. If there is no response, the company plans to pursue recovery through legal means.

ParaSwap 已要求駭客在 3 月 27 日之前歸還被盜的用戶資金。如果沒有回應，公司計劃透過法律途徑追償。

Is the DeFi Ecosystem Vulnerable?

DeFi 生態系統是否脆弱？

The security of blockchain and DeFi platforms remains a challenge, as evidenced by previous breaches outside ParaSwap. In recent months, Shido's layer-1 blockchain and the TIME token have also been targeted by security flaws, resulting in significant losses.

區塊鏈和 DeFi 平台的安全性仍然是一個挑戰，ParaSwap 之外之前發生的違規事件證明了這一點。近幾個月來，Shido 的第一層區塊鏈和 TIME 代幣也遭遇安全漏洞，造成重大損失。