ParaSwap 智能合约缺陷：数百万美元损失？

ParaSwap 是一家去中心化金融聚合商，已解决其 Augustus v6 智能合约中的一个严重漏洞，并将加密货币返还给受影响的用户。该漏洞让黑客流失了资金，而白帽黑客则追回并归还了被盗资产。 ParaSwap 正在与当局和安全公司合作调查该事件并追踪被盗资金，并计划在必要时采取法律行动。

Did ParaSwap's Smart Contract Vulnerability Cost Users Millions?

ParaSwap 的智能合约漏洞是否导致用户损失数百万美元？

ParaSwap, a decentralized finance (DeFi) aggregator, has been scrambling to recover crypto after a critical vulnerability in its Augustus v6 smart contract was discovered last week. The bug, which emerged shortly after the contract's launch on March 18, allowed hackers to drain funds when approved.

ParaSwap 是一家去中心化金融 (DeFi) 聚合商，上周发现其 Augustus v6 智能合约存在严重漏洞后，该公司一直在努力恢复加密货币。该漏洞在 3 月 18 日合约发布后不久就出现，允许黑客在获得批准后耗尽资金。

Did White Hat Hackers Save the Day?

白帽黑客拯救了世界吗？

The ParaSwap team reported on March 24 that all assets recovered by white hat hackers had been returned, and permissions to AugustusV6 were revoked. However, 213 addresses have yet to revoke their allowances to the compromised contract.

ParaSwap团队3月24日报道称，白帽黑客追回的所有资产均已归还，并撤销了AugustusV6的权限。然而，213 个地址尚未撤销对受损合约的许可。

How Can Users Protect Themselves?

用户如何保护自己？

Revoking a smart contract generally involves discontinuing or disabling its blockchain operations, effectively preventing the contract from retrieving the user's wallet and tokens. ParaSwap has urged users to revoke their permissions immediately.

撤销智能合约通常涉及停止或禁用其区块链操作，有效防止合约取回用户的钱包和代币。 ParaSwap 已敦促用户立即撤销其权限。

How Did ParaSwap Respond to the Breach?

ParaSwap 如何应对此次泄露？

Upon discovering the vulnerability on March 20, ParaSwap paused its application programming interface (API) and secured at-risk funds through a white hat hack. The involvement of these hackers helped avert massive asset loss.

3 月 20 日发现该漏洞后，ParaSwap 暂停了其应用程序编程接口 (API)，并通过白帽黑客攻击保护了风险资金。这些黑客的参与有助于避免大规模的资产损失。

Is ParaSwap Investigating the Hack?

ParaSwap 正在调查此次黑客攻击吗？

ParaSwap has submitted a detailed report to relevant authorities to facilitate the investigation of the stolen funds. They are also "actively engaged in identifying hacker addresses and tracing the movement of the funds" in collaboration with blockchain analytics and security firms Chainalysis and TRM Labs.

ParaSwap 已向有关当局提交了详细报告，以方便对被盗资金进行调查。他们还与区块链分析和安全公司 Chainaanalysis 和 TRM Labs 合作，“积极参与识别黑客地址并追踪资金动向”。

Will ParaSwap Pursue Legal Action?

ParaSwap 会采取法律行动吗？

ParaSwap has given hackers until March 27 to return the stolen user funds. If there is no response, the company plans to pursue recovery through legal means.

ParaSwap 已要求黑客在 3 月 27 日之前归还被盗的用户资金。如果没有回应，公司计划通过法律途径追偿。

Is the DeFi Ecosystem Vulnerable?

DeFi 生态系统是否脆弱？

The security of blockchain and DeFi platforms remains a challenge, as evidenced by previous breaches outside ParaSwap. In recent months, Shido's layer-1 blockchain and the TIME token have also been targeted by security flaws, resulting in significant losses.

区块链和 DeFi 平台的安全性仍然是一个挑战，ParaSwap 之外之前发生的违规事件就证明了这一点。近几个月来，Shido 的第一层区块链和 TIME 代币也遭遇安全漏洞，造成重大损失。