TL;DR

  • The compromised Mithril bot exposed 57 user API keys, enabling unauthorized trades on Paradex.
  • The incident underscores ongoing risks tied to third-party trading bots, where broad API access can undermine the protections users expect from non-custodial platforms.

A security incident involving the Mithril bot has led to unauthorized trades on Paradex, affecting a limited number of users who had enabled automated strategies.

Paradex confirmed that the issue did not stem from its core systems. The exchange said the incident did not impact its smart contracts, matching engine, or custody model. Instead, it traced the problem to Mithril, a third-party trading bot used by some Paradex traders.

What Happened With the Mithril Trading Bot

According to Paradex, 57 user API keys were exposed after the bot was compromised. The affected users created those keys to allow automated trading. Once the attackers gained access, they were able to place trades using the already granted permissions.

Paradex said the affected API keys were revoked shortly after the issue was identified. The exchange also added that it has not detected any further suspicious activity since taking those steps.

Several crypto news outlets initially described the episode as a Paradex bot hack. Paradex has pushed back on that framing. In its view, the incident reflects a failure of an external automation tool, not a breach of the exchange itself. No vulnerabilities were found in Paradex’s protocol or infrastructure.

Why Trading Bot Permissions Remain a Risk

Paradex operates as a non-custodial platform and does not hold user funds. However, API access granted to third-party bots can still be abused if those tools are compromised. In fact, automated trading permissions can bypass many of the protections users associate with non-custodial trading.

The incident highlights a broader risk tied to trading bots across decentralized markets. Bots can simplify execution and strategy management, but they also introduce new attack surfaces. Unfortunately, wide permissions, persistent keys, and weak key management can turn automation into a liability.

Paradex said it continues to monitor activity and is coordinating with the Mithril team as part of its response. It reminded users to review API permissions, limit trading scopes, and rotate keys when using external services.
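The three hygiene checks above (over-broad permissions, keys that never expire, keys that are never rotated) can be turned into a routine audit of the keys a user has delegated to external services. The following is an added example and is not code from Paradex, Mithril, or this article; the scope names, the 90-day rotation window, and the key records are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Optional, Set

# Hypothetical scope names: an execution-only bot needs to read market data and
# place trades. Anything beyond this set (e.g. withdraw) is over-scoped.
TRADE_ONLY_SCOPES: Set[str] = {"read", "trade"}
MAX_KEY_AGE = timedelta(days=90)   # assumed rotation policy


@dataclass
class ApiKey:
    key_id: str
    delegate: str                    # third-party service holding the key
    scopes: Set[str]
    created_at: datetime
    expires_at: Optional[datetime]   # None means the key never expires


def audit_key(key: ApiKey, now: datetime) -> List[str]:
    """Return least-privilege / rotation findings for one delegated key."""
    findings = []
    extra = key.scopes - TRADE_ONLY_SCOPES
    if extra:
        findings.append(f"over-scoped: {sorted(extra)}")
    if key.expires_at is None:
        findings.append("no expiry")
    if now - key.created_at > MAX_KEY_AGE:
        findings.append("rotation overdue")
    return findings


def audit_keys(keys: List[ApiKey], now: datetime) -> Dict[str, List[str]]:
    """Map key_id -> findings, omitting keys that pass every check."""
    report = {k.key_id: audit_key(k, now) for k in keys}
    return {kid: f for kid, f in report.items() if f}


# Constructed sample data: three keys delegated to different services.
AUDIT_TIME = datetime(2025, 12, 1, tzinfo=timezone.utc)
SAMPLE_KEYS = [
    ApiKey("key-a", "bot-vendor-1", {"read", "trade"},
           datetime(2025, 11, 1, tzinfo=timezone.utc),
           datetime(2026, 2, 1, tzinfo=timezone.utc)),
    ApiKey("key-b", "bot-vendor-2", {"read", "trade", "withdraw"},
           datetime(2025, 6, 1, tzinfo=timezone.utc), None),
    ApiKey("key-c", "own-script", {"read"},
           datetime(2025, 10, 1, tzinfo=timezone.utc),
           datetime(2025, 12, 31, tzinfo=timezone.utc)),
]

if __name__ == "__main__":
    for key_id, findings in audit_keys(SAMPLE_KEYS, AUDIT_TIME).items():
        print(key_id, "->", "; ".join(findings))
```

Only key-b is reported: it carries a withdraw scope a trading bot does not need, has no expiry, and is well past the rotation window, which is exactly the combination that makes a compromised bot costly.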

The exchange has not disclosed estimates of total losses. It also stated that the incident appears to be contained.

As automated trading tools become more common, the Paradex Mithril bot incident serves as a reminder that security risks often sit outside the protocol itself, where visibility and controls are weaker.
