Mithril Trading Bot Security Breach Exposes User Keys at Paradex
On January 21, Paradex disclosed a security incident affecting its Mithril trading bot. The platform revealed that an internal system compromise resulted in the exposure of approximately 57 user subkeys. While the incident raised immediate concerns, Paradex clarified that the exposed credentials cannot be used to withdraw funds directly from user accounts.
What Happened: The Mithril Bot Compromise
The Mithril trading bot, a tool developed by Paradex to facilitate automated trading, experienced unauthorized access to its internal systems. According to PANews reporting, this breach led to the leakage of 57 subkeys. These authentication credentials are typically generated when users authorize third-party applications or trading bots to access their accounts. The exposure represents a significant security event requiring immediate user attention.
Understanding Subkeys and the Risk Exposure
To clarify the potential impact: while these subkeys cannot withdraw funds or alter core account settings, they do grant full trading privileges. This means malicious actors could theoretically execute trades on affected accounts without explicit user authorization. This is why Paradex emphasized that the compromise, though contained, warrants caution. Subkeys serve as a bridge between user accounts and external trading applications, making their exposure particularly concerning for active traders.
Paradex’s Response and User Protection Steps
Paradex moved swiftly to contain the incident. The platform immediately suspended all XP transfers—a security measure to prevent any unauthorized activity—and revoked all subkeys connected to Mithril. The company confirmed that only users who previously authorized the Mithril bot were affected, limiting the scope of the breach. All security keys have since been invalidated, requiring affected users to re-authorize any third-party services if they wish to continue using them.
Recommendations for Account Security
Paradex has advised all users to exercise heightened caution when authorizing third-party services and applications. The platform recommends users conduct thorough risk assessments before granting trading privileges to any external tool. For those directly impacted by this Mithril incident, the guidance is to review recent trading activity for suspicious transactions and consider rotating credentials for critical accounts. Security best practices—such as using strong authentication methods and regularly reviewing account permissions—remain essential for protecting digital assets in any trading environment.