Key Highlights
- About 57 user subkeys linked to Mithril trading bots were compromised.
- Paradex revoked all affected subkeys and temporarily paused XP transfers as a precaution.
- No user funds were withdrawn, as subkeys cannot access balances.
Paradex said today it has revoked access for a third-party trading bot after Mithril’s internal systems were breached, allowing an attacker to compromise roughly 57 user subkeys linked to the bot. The exchange moved quickly to disable all affected subkeys, limiting the impact to users who had granted Mithril permission to trade on their behalf.
According to the exchange, subkeys are limited-permission credentials commonly used by bots and external apps. While they allow automated trading, they cannot withdraw funds. Paradex said no customer balances were lost.
What happened and who was affected
The breach originated outside Paradex’s core infrastructure. Mithril’s internal systems were compromised, allowing the attacker to access subkeys that had been granted trading permissions by users. Paradex stressed that it does not control how third-party services store or secure these keys.
Only accounts connected to Mithril’s trading bots were exposed. Users who were never granted subkey access were not affected.
Immediate response from Paradex
Paradex said it took rapid containment steps once the issue was identified:
- All subkeys associated with Mithril trading accounts were revoked.
- XP transfers were temporarily paused and are expected to be re-enabled shortly.
- Users impacted by the incident were automatically protected from further bot-driven trades.
Paradex also used the incident to remind users of the risks around third-party tools, stressing that traders should think carefully about whom they trust before granting any account permissions.
Security concerns resurface after recent outages
The bot breach comes on the heels of another rough episode for Paradex. Earlier this month, a database maintenance error briefly showed Bitcoin trading at zero on the Starknet-based exchange, setting off liquidations and forcing the team to execute a rare chain rollback.
Although Paradex later refunded $650,000 to affected users and fully restored trading, the incident raised questions about operational risk on appchain DEXs. With the Mithril compromise now added to the timeline, the platform is facing renewed scrutiny as it works through a string of high-pressure tests.
Platform activity remains high despite turbulence
Even after the setbacks, trading on Paradex hasn’t slowed much. The exchange is still moving about $1.6 billion a day, with open interest near $647 million and roughly $221 million locked on the platform, a sign traders haven’t walked away.
For users, the incident serves as a reminder of where risks really show up. Core systems may hold, but third-party tools can become weak links. As Paradex noted, handing over a subkey is a trust decision, and one that deserves real caution.
Also read: Ripple’s Stablecoin Is Now Live on Binance for Trading
