Is Paradex Safe?
Risk Grade: C- (51/100)
Paradex is rated as elevated risk — multiple novel mechanisms and notable interaction risks.
Elevated risk — centralized Privacy Council DA, instant multisig upgrades, and centralized oracle create structural vulnerabilities that L2Beat independently rates 'Bad', combined with 83% TVL decline since January 2026.
Paradex is a ZK-STARK perpetuals exchange operating as a Starknet AppChain (the 'Paradex Chain'), offering cross-margin and portfolio-margin futures on 85+ pairs with up to ~100x leverage. Launched in October 2023 and incubated by Paradigm, Paradex peaked at $226M TVL in January 2026 and has since declined to $39.5M. Its C- grade reflects multiple structural centralization risks that L2Beat independently rates as 'Bad': encrypted state data availability controlled by a 3-of-3 Privacy Council, a fully centralized sequencer with no censorship resistance, and instant contract upgrade capability with no timelock. A May 2025 audit found 2 Critical and 4 High vulnerabilities, all of which were fixed before the report was published.
TVL
$40M
Mechanisms
7
Interactions
6
Value Grade
D+
Key Risks for Paradex Users
Your funds can be frozen by the Privacy Council: Paradex's state data is encrypted, and reconstruction requires all three Privacy Council members to provide decryption keys. If the council is unavailable or fails, user USDC in the exchange cannot be withdrawn. L2Beat independently rates this 'Bad' for fund safety.
The team can upgrade contracts instantly with no delay: two multisigs (2/5 and 3/6) can change the Paraclear contract holding all user USDC with zero timelock. Users have no ability to exit before an upgrade takes effect. Only the cryptographic verifier has a delay (8 days).
The centralized oracle controls all liquidation prices: Paradex uses a single executor to submit mark prices for all 85+ markets. If this oracle fails, lags, or is manipulated, your position can be liquidated at incorrect prices. The May 2025 audit found and fixed a Critical oracle re-initialization vulnerability in the current codebase.
TVL has declined 83% since January 2026 peak: the $226M peak TVL has contracted to $39.5M in 4 months, indicating significant user outflows. The DIME governance token is down 71% from its March 2026 ATH. Declining trading volumes and TVL increase the probability that the protocol cannot sustain operations or the insurance fund adequacy.
Top Risk Factors
- •Encrypted data availability controlled by a 3/3 Privacy Council: Paradex posts encrypted state diffs to Ethereum as EIP-4844 blobs. All three Privacy Council members must provide decryption keys for data availability to hold. L2Beat rates this 'Bad' — if the Privacy Council fails to disclose keys, user funds can be permanently frozen. Users cannot independently reconstruct L2 state without this council.
- •Centralized sequencer with no censorship resistance: a single centralized sequencer processes all transactions. L2Beat rates sequencer censorship resistance as 'Bad' — there is no mechanism to force transaction inclusion if the sequencer is offline or censoring. No escape hatch exists.
- •Instant contract upgrades with no timelock: two Paradex multisigs (2/5 and 3/6 thresholds) can upgrade core contracts including Paraclear (which holds all user USDC) with zero delay. Users cannot exit before an upgrade takes effect. Only the SHARP verifier contract has an 8-day upgrade delay.
- •Centralized oracle for all mark prices and liquidations: Paradex uses a single centralized executor to submit EWMA-based mark prices used for liquidations. The May 2025 audit found and fixed a Critical oracle re-initialization vulnerability. This centralization was acknowledged as an ongoing risk with a 'long migration plan' to on-chain validation.
How Paradex Compares to Peers
Paradex ranks #50 of 56 Derivatives protocols (bottom quartile — among the riskiest). At a risk score of 51/100, it's 11 points riskier than the sector average of 40/100.
Adjacent peers: Hyperliquid HLP (C, 50/100) is ranked just safer, and Aevo (C-, 51/100) is ranked just riskier.
See the full Derivatives sector leaderboard or the Paradex vs Aevo comparison.
Common Questions about Paradex
Plain-English answers based on Paradex's scores across Hindenrank's 8 risk dimensions. The highest-scoring (riskiest) dimension is Interaction Severity (18/20).
Has Paradex ever been hacked or exploited?
Paradex has a fairly clean operational history. The track record dimension scored 3/15, indicating minor or no significant incidents on record. A clean track record is a positive signal but it does not guarantee future safety, especially as protocol complexity grows.
How much money is at stake in Paradex?
Paradex currently holds roughly $40M in user deposits. Smaller TVL means individual depositors carry a larger share of any loss event, and it can be harder to exit a position quickly during stress.
What's the worst-case scenario for Paradex?
Hindenrank has identified specific collapse scenarios for Paradex. The most prominent: "Privacy Council Failure and State Freeze". The trigger condition is All three Privacy Council members are simultaneously unavailable (legal action, hardware failure, or coordinated regulatory action), or 2-of-3 members collude with the centralized sequencer to finalize a fraudulent state root on Ethereum.. Reading through the full scenario list on the protocol page is the single best way to understand the actual failure modes — generic "smart contract risk" is rarely the thing that takes a protocol down.
Is Paradex regulated or insured?
Paradex has some regulatory exposure (6/10), typical of mid-sized DeFi protocols. There is no specific enforcement action on record, but the structure includes elements that regulators have flagged in similar protocols. No DeFi protocol carries FDIC-style insurance — even with low regulatory risk, depositors are not protected in the way bank customers are.
What are the biggest red flags for Paradex?
Hindenrank's retail-focused risk audit flagged: Your funds can be frozen by the Privacy Council: Paradex's state data is encrypted, and reconstruction requires all three Privacy Council members to provide decryption keys. If the council is unavailable or fails, user USDC in the exchange cannot be withdrawn. L2Beat independently rates this 'Bad' for fund safety. The team can upgrade contracts instantly with no delay: two multisigs (2/5 and 3/6) can change the Paraclear contract holding all user USDC with zero timelock. Users have no ability to exit before an upgrade takes effect. Only the cryptographic verifier has a delay (8 days). The centralized oracle controls all liquidation prices: Paradex uses a single executor to submit mark prices for all 85+ markets. If this oracle fails, lags, or is manipulated, your position can be liquidated at incorrect prices. The May 2025 audit found and fixed a Critical oracle re-initialization vulnerability in the current codebase. On the technical side, 1 critical-severity interaction risk has been identified.
Should beginners deposit into Paradex?
Paradex's C- grade puts it in the elevated-risk band. This is not a beginner-friendly protocol. Anyone depositing here should treat the position as speculative and avoid concentrating significant savings in it.
How does Paradex compare to safer Derivatives alternatives?
Paradex is one protocol in Hindenrank's Derivatives coverage. The safest Derivatives protocols on the leaderboard tend to share three traits: a long incident-free track record, conservative mechanism design, and high-quality public documentation. Compare Paradex against the full Derivatives ranking before committing capital.
For the full 8-dimension score breakdown, the radar chart, and dependency graph, see the Paradex risk report.
Read the Full Paradex Risk Report
This protocol has 2 collapse scenarios. 1 critical and 2 high-severity interaction risks identified. See the full mechanism classification, interaction matrix, and deep-dive recommendations.
View Full Report →Get risk alerts before it's too late
Weekly grade changes, downgrade alerts, and new protocol risk findings. Free.