If decentralized exchanges can perform rollbacks—a process in which a blockchain application resets its state to a previous point in time to correct erroneous data or transactions after a technical error—wouldn't this affect the decentralization that these platforms claim to support, or could it be misused in the future?
Paradex seems to run a "centralized sequencer" on their appchain, which is provided by the Starknet software stack (Starknet is an Ethereum layer-2). This means that they're essentially a private blockchain. One could also describe that model as a "CEX which instead of using a traditional database adds a blockchain structure, but without adding the blockchain consensus mechanism".
So it's not surprising that such a rollback is possible without major difficulties. If it was a Proof of Stake chain, the rollback would have been much more complicated. They would have to have convinced validators to adopt a rollback feature, just as Ethereum did in their TheDAO rollback in 2016.
First of all this was not real decentralized exchange, and I honestly doubt they had real Bitcoin mainnet listed.
This was probably some of their token XYZ-biTc0iN on some random blockchain, and not the real bitcoin.
Proof for that is that rollback happened on some random chain, not on bitcoin blockchain.
I'd also not describe that really as a DEX.
There's still a difference to a CEX: The users indeed hold their coins on their own addresses with their own private keys (based on the Ethereum address scheme), so in theory the "Not your keys, not your coins" doesn't apply. However, this isn't worth that much if you can "receive" coins and then the centralized entity, while they can't steal your coins directly, they can revert that transaction to your address.
And the withdrawal process also makes the rollback (or other centralized intervention) easier. Of course on the appchain the Bitcoins are not real Bitcoins but tokens on that appchain. There is a native mechanism to send the "Paradex-Bitcoins" to the Ethereum mainnet and get wrapped Bitcoins for them (which are still not "real" Bitcoins, but at least if you use e.g. Threshold tBTC they're relatively decentralized tokens). But that mechanism seems to be quite complicated and thus most users use "bridges", which are in reality CEXes, which take your Paradex "BTC" and then send you real BTC.
Of course a call from the Paradex management would have stopped all that bridge activity, and the withdrawals from those wo got Bitcoins for nearly $0 would thus be stopped.
From a legal standpoint this could however be challenging. Even if it was a "glitch", there are now probably many angry users who will claim they got legit Bitcoins for a low price ...
