Hassan Maishera
TL;DR
-
Sushiswap has suffered an exploit, losing $3.3 million in the process.
-
Developers of the protocol asked users to revoke contracts as a security measure.
Sushiswap Suffers An Approval Exploit
Decentralized exchange Sushiswap suffered an exploit on Sunday, leading to a loss of $3.3 million. Developers of the protocol announced this via Twitter during the early hours of Sunday.
The exploit specifically involves the 'RouterProcessor2' contract, which is used to conduct trade routing on the decentralized exchange. Security firm PeckShield reported that;
"It seems the SushiSwap RouterProcessor2 contact has an approve-related bug, which leads to the loss of >$3.3M loss."
According to various tweets from multiple security firms, the $3.3 million that was stolen from the decentralized exchange came from a single user, @0xsifu, a popular trader in Crypto Twitter circles.
The exploit reportedly affected only users who approved Sushiswap contracts in the past 4 days. Sushiswap’s head developer Jared Grey asked users to revoke permissions for all contracts on SushiSwap as a security measure.
Sushi's RouteProcessor2 contract has an approval bug; please revoke approval ASAP. We're working with security teams to mitigate the issue. https://t.co/WhXJfa5xD4
— Jared Grey (@jaredgrey) April 9, 2023
Sushiswap Recovers Some Of The Stolen Funds
The Sushiswap team has been working to recover the stolen funds, and Jared Grey announced a few hours ago that they have been successful so far. He revealed that they have been able to more than 300ETH from CoffeeBabe of Sifu's stolen funds.
He added that the development team is in contract with Lido's team regarding 700 more ETH.
SUSHI, the native token of the Sushiswap ecosystem, is up by more than 3% today and is now trading at $1.11 per coin.
We've confirmed recovery of more than 300ETH from CoffeeBabe of Sifu's stolen funds. We're in contact with Lido's team regarding 700 more ETH.
— Jared Grey (@jaredgrey) April 9, 2023
