Paradex faces another issue within a week: 57 accounts' sub-keys leaked, causing concerns over consecutive failures in the short term

Paradex has experienced two serious issues within just two days. Following the price display anomaly on January 19-20 that led to massive liquidations, the platform today reported that the Mithril trading robot was attacked, resulting in the leak of approximately 57 users’ sub-keys. Although the Paradex team quickly revoked the related permissions, the frequent failures have begun to shake users’ confidence in this Starknet ecosystem star exchange.

Event Summary

What exactly happened

According to the latest news, Paradex reported that the internal system of the Mithril trading robot was compromised by attackers, leading to the leak of about 57 users’ sub-keys. While these leaked sub-keys cannot be used directly for withdrawals, they do carry account trading permissions, and keys of this kind are typically used to connect third-party applications and trading robots.

Paradex’s response measures include: suspending all XP transfers and revoking all sub-keys related to Mithril. Affected users are limited to those who actively authorized the Mithril robot.

What does sub-key leakage mean

One technical detail matters here. In crypto wallets and exchanges, sub-keys (or API keys) are a common way to connect third-party applications. Their permissions can usually be finely configured, such as allowing only trading but prohibiting withdrawals. The leaked sub-keys, while unable to withdraw funds, do have trading permissions, meaning attackers can use the leaked keys to perform trading operations on these 57 accounts.

Background Amplification: Frequency of Paradex’s issues

More concerning is the timing of these events. This is the second serious problem Paradex has encountered in less than 48 hours.

| Event | Date | Impact | Response |
| --- | --- | --- | --- |
| Price display anomaly | Jan 19-20 | BTC price once showed as $0, triggering massive liquidations | Officially rolled back the blockchain to pre-fault state |
| Robot attack | Jan 21 | 57 users’ sub-keys leaked | Revoked related sub-keys, suspended XP transfers |

This frequency is indeed alarming. Although Paradex is an important exchange in the Starknet ecosystem, with a 24-hour trading volume of about $2.72 billion, the rapid succession of technical failures and security incidents indicates systemic stability issues.

The double risk of third-party authorization

This incident also exposes a broader issue: the risks associated with third-party application integrations. When users authorize trading robots, they often generate sub-keys for third-party applications. But doing so shifts the risk to the security defenses of those third-party apps.

Risks faced by users include:

  • Inadequate security protections of third-party applications
  • Attacks on third-party applications leading to key leaks
  • Even if the exchange itself is secure, permissions granted to third parties may still be abused

Paradex’s official reminder is straightforward: users need to be cautious when authorizing third-party services, and should assess the risks themselves. Essentially, choosing the convenience of third-party robots means accepting corresponding security risks.

The essence of the trust crisis

On a deeper level, these two issues reflect problems with the exchange’s operational capabilities. Even if Paradex adopts advanced Starknet technology and ranks among the top in Perp DEX trading volume, its fundamental system stability and security defenses remain insufficient.

In particular, after the price malfunction on January 19-20, when the team was forced to roll back the blockchain to restore order, confidence in decentralized exchanges was already shaken. Now, with another security incident emerging immediately, user doubts will deepen further.

Summary

Paradex’s consecutive technical and security issues in a short period highlight underlying system stability risks. Although the recent Mithril robot attack had a limited scope (only 57 accounts, and no withdrawal capability), combined with recent frequent failures, it signals that users need to be more cautious when choosing exchanges and third-party applications, weighing convenience against security. For users who have authorized third-party applications, regularly reviewing and revoking unnecessary permissions is a wise move at this time.
