SushiSwap Exploited for $3.3M


Decentralized exchange SushiSwap recently suffered an exploit, leading to the loss of over $3.3 million from at least one user.

The exploit stems from an approve-related bug in the RouterProcessor2 contract. Cybersecurity firms PeckShield and Ancilia, Inc., as well as SushiSwap Head Chef Jared Grey, have recommended revoking approvals for the contract on all chains. According to Ancilia, Inc., the root cause is a flaw in the internal swap() function.

The bug allows an unauthorized entity to “yoink” tokens from an owner who has approved the bad contract, without the owner authorizing the transfer. The first attacker used the “yoink” function and made away with 100 ETH; another hacker then stole around 1800 ETH using the same contract, but with a different function name, “notyoink.”

Reports suggest that not too many SushiSwap users are at risk, with DeFi Llama’s @0xngmi claiming that only those who swapped on SushiSwap within the last four days should be affected. However, 190 Ethereum addresses have approved the problematic contract, and more than 2000 addresses on Layer 2 Arbitrum have seemingly approved it as well.
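To act on the revoke recommendation, a wallet owner or monitoring team first needs to know which addresses still hold an allowance for the affected spender. The following is an added example, not code from SushiSwap or the firms named above: it replays ERC-20 Approval event logs and reports owners whose latest recorded allowance is non-zero. The spender address is a placeholder (the article does not give the RouterProcessor2 address) and all sample logs are constructed.

```python
# Added example: replay ERC-20 Approval logs (eth_getLogs shape) and list
# owners whose last recorded allowance to a given spender is still non-zero.
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
MAX_UINT256 = 2**256 - 1
SPENDER = "0x" + "ab" * 20   # placeholder, NOT the real RouterProcessor2 address

def topic_to_address(topic):
    """Indexed address topics are 32 bytes, left-padded: keep the low 20 bytes."""
    return "0x" + topic[-40:].lower()

def outstanding_approvals(logs, spender):
    """Return {(token, owner): allowance} from the latest Approval per pair."""
    latest = {}
    order = lambda l: (int(l["blockNumber"], 16), int(l["logIndex"], 16))
    for log in sorted(logs, key=order):
        topics = log["topics"]
        # ERC-721 Approval has the same topic0 but 4 topics: not an allowance.
        if len(topics) != 3 or topics[0].lower() != APPROVAL_TOPIC:
            continue
        if topic_to_address(topics[2]) != spender.lower():
            continue
        owner = topic_to_address(topics[1])
        latest[(log["address"].lower(), owner)] = int(log["data"], 16)
    return {pair: v for pair, v in latest.items() if v > 0}

def describe(value):
    return "unlimited" if value == MAX_UINT256 else str(value)

# --- constructed sample data (no real addresses or transactions) ---
def _topic(addr):
    return "0x" + "00" * 12 + addr[2:]

def _log(token, owner, spender, value, block, index=0, extra=()):
    return {"address": token, "blockNumber": hex(block), "logIndex": hex(index),
            "topics": [APPROVAL_TOPIC, _topic(owner), _topic(spender), *extra],
            "data": "0x" + format(value, "064x")}

TOKEN, OTHER = "0x" + "11" * 20, "0x" + "cd" * 20
ALICE, BOB, CAROL = ("0x" + c * 20 for c in ("a1", "b2", "c3"))
SAMPLE_LOGS = [
    _log(TOKEN, BOB, SPENDER, 0, 18, 4),             # Bob revokes later...
    _log(TOKEN, BOB, SPENDER, 500, 17, 2),           # ...after approving 500
    _log(TOKEN, ALICE, SPENDER, MAX_UINT256, 16),    # unlimited, never revoked
    _log(TOKEN, CAROL, OTHER, MAX_UINT256, 16, 1),   # different spender
    _log(TOKEN, CAROL, SPENDER, 7, 19, extra=[_topic(OTHER)]),  # ERC-721 style
]

if __name__ == "__main__":
    for (token, owner), value in outstanding_approvals(SAMPLE_LOGS, SPENDER).items():
        print(f"{owner} -> {SPENDER} on {token}: {describe(value)}")
```

Log replay only reflects the last Approval event; some tokens reduce the allowance on transferFrom without emitting one, so the on-chain `allowance(owner, spender)` value is the authoritative check before and after revoking.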

Despite the news, the price of Sushi’s governance token fell by only 0.6% in the hour since the incident broke. SushiSwap Head Chef Jared Grey tweeted that they are “working with security teams to mitigate the issue” and are seeking a $3 million legal defense fund from Sushi DAO after the exchange was subpoenaed by the U.S. Securities and Exchange Commission.

This incident serves as a reminder of the importance of regularly checking contracts and addressing vulnerabilities promptly to prevent significant losses for users. It also highlights the need for security measures to protect users from such exploits in the decentralized finance (DeFi) space, which has seen a significant rise in popularity in recent years. As the DeFi industry continues to grow, so does the need for improved security measures to ensure the safety of users’ funds.
