The platform’s head stated that the vulnerable contract was removed

​SushiSwap loses $3,3 million in a hacker attack

10.04.2023 - 09:45

415

4 min

What’s new? On April 9, a bug in the smart contract of decentralized exchange (DEX) SushiSwap led to the loss of $3,3 million in ETH coins. For example, cybersecurity company PeckShield reported unusual activity related to the approval feature in the Router Processor 2 smart contract of the Sushi protocol, which aggregates trading liquidity from multiple sources and determines the best price to exchange coins.

What else is known about the hack? According to the developer of the DefiLlama aggregator under the nickname 0xngmi, the hack should only affect users who have made an exchange using the protocol within the last four days.

SushiSwap head Jared Grey confirmed that RouteProcessor2 has an approval bug and urged users to revoke permissions for all protocol contracts. He said that the platform is working with security teams to fix the vulnerability. Thus, a list of contracts requiring revocation of approval has been created on GitHub on several blockchains.

Euler Finance DeFi protocol’s hacker returns all funds to the project

Euler Finance DeFi protocol’s hacker returns all funds to the project

The protocol’s representatives promised to provide full information on the incident on April 5

Read further

Hours after the incident, Grey said that a significant portion of the funds had been recovered with the help of whitehats. He added that the SushiSwap team is in talks with representatives of the liquid staking protocol Lido Finance about recovering another 700 ETH (~$1,3 million).

Grey later stated that users could safely trade on SushiSwap because the vulnerable contract had been removed. He also urged platform customers to confirm the removal of the approval for RouteProcessor2 on the site.

In March, the US Securities and Exchange Commission (SEC) opened an investigation into SushiSwap. At the time, Grey proposed creating a $3 million fund to cover legal expenses. On April 9, he noted that the regulator had made no findings that anyone associated with SushiSwap had violated securities laws.

Subscribe to Getblock Magazine and stay up to date with the latest news from the world of cryptocurrencies and the digital economy