The community behind the decentralized finance (DeFi) aggregator ParaSwap has agreed to compensate hack victims using funds from the treasury.
On April 4, the ParaSwap decentralized autonomous organization (DAO) proposed refunding the victims of the Augustus V6 contract vulnerability using its treasury funds. After a three-day voting period, 96.81% of ParaSwap voters supported the DAO’s proposal.
The ParaSwap Augustus v6 contract, which briefly went live on March 18, aimed to improve swapping efficiency and reduce gas fees. However, it contained a critical vulnerability that allowed hackers to drain funds from users who approved the upgrade.
While a swift rollback prevented a loss of $3.4 million in assets, approximately $864,000 of assets were lost. ParaSwap worked closely with blockchain analytics and security firms Chainalysis and TRM Labs to identify hacker addresses and trace fund movements.
“The (ParaSwap) Foundation will cover the remaining costs linked to the vulnerability, including refunds, security analysts, contract re-audits, communication with authorities, and the refund process,” the foundation said.
ParaSwap announced the recovery of roughly $500,000 worth of assets, reducing unaccounted-for funds by 63%. Providing full refunds to affected users is a step toward the project's long-term sustainability, according to ParaSwap.
Blockchain security firm PeckShield compiled data showing that nearly $100 million in digital assets stolen in March hacks were recovered. While losses were significant, 52.8% of hacked funds were returned, with most recovered funds coming from the NFT game based on the Blast network called Munchables.