SushiSwap Exploited for $3.3M

Decentralized exchange SushiSwap recently suffered an exploit, leading to the loss of over $3.3 million from at least one user.

The exploit stems from an approve-related bug in the RouterProcessor2 contract. Cybersecurity firms PeckShield and Ancilia, Inc., as well as SushiSwap Head Chef Jared Grey, have recommended that users revoke their approvals for that contract on all chains. According to Ancilia, Inc., the root cause is a flaw in the internal swap() function.

The exploit allows an unauthorized entity to “yoink” tokens without proper approval from the token owner, by way of an approval given to a bad contract. In this case, the “yoink” function was used by the first attacker, who made off with 100 ETH, followed by another hacker who stole around 1800 ETH using the same contract, but with a different function name, “notyoink.”

Reports suggest that not too many SushiSwap users are at risk, with DeFi Llama’s @0xngmi claiming that only those who swapped on SushiSwap within the last four days should be affected. However, 190 Ethereum addresses have approved the problematic contract, and more than 2000 addresses on Layer 2 Arbitrum have seemingly approved it as well.
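One way to find which addresses still have an approval outstanding to a flagged contract, and to build the revoke call, is sketched below as an added example (not code from SushiSwap, PeckShield or Ancilia). The spender, token and owner addresses and the log entries are constructed placeholders, and the logs are assumed to be already fetched with block numbers decoded to integers.

```python
# Added example: audit ERC-20 Approval logs for allowances to a flagged spender.
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
APPROVE_SELECTOR = "095ea7b3"  # approve(address,uint256)

# Constructed placeholders, not real on-chain addresses.
FLAGGED_SPENDER = "0x" + "ab" * 20
TOKEN, OWNER_A, OWNER_B = "0x" + "11" * 20, "0x" + "a1" * 20, "0x" + "b2" * 20
OTHER_SPENDER = "0x" + "cd" * 20

def word(hex_str):
    """Left-pad a hex value (address or integer) to a 32-byte ABI word."""
    return hex_str.lower().replace("0x", "").rjust(64, "0")

def outstanding_approvals(logs, spender):
    """Return {(token, owner): value} for non-zero approvals last granted to spender."""
    latest = {}
    for log in sorted(logs, key=lambda l: (l["blockNumber"], l["logIndex"])):
        topics = [t.lower() for t in log["topics"]]
        # ERC-20 Approval has 3 topics; ERC-721 Approval shares the hash but has 4.
        if len(topics) != 3 or topics[0] != APPROVAL_TOPIC:
            continue
        if topics[2][-40:] != spender.lower()[2:]:
            continue
        owner = "0x" + topics[1][-40:]
        latest[(log["address"].lower(), owner)] = int(log["data"], 16)
    # Upper bound only: transferFrom can spend allowance without a new Approval
    # event, so confirm each hit with an on-chain allowance() call.
    return {k: v for k, v in latest.items() if v > 0}

def revoke_calldata(spender):
    """Calldata for approve(spender, 0), sent by the owner to the token contract."""
    return "0x" + APPROVE_SELECTOR + word(spender) + word("0x0")

def _log(block, owner, spender, value):
    return {"address": TOKEN, "blockNumber": block, "logIndex": 0,
            "topics": [APPROVAL_TOPIC, "0x" + word(owner), "0x" + word(spender)],
            "data": "0x" + word(hex(value))}

SAMPLE_LOGS = [  # constructed
    _log(105, OWNER_B, FLAGGED_SPENDER, 0),           # B revoked later
    _log(100, OWNER_A, FLAGGED_SPENDER, 2**256 - 1),  # A: unlimited, still open
    _log(101, OWNER_B, FLAGGED_SPENDER, 500),
    _log(102, OWNER_A, OTHER_SPENDER, 7),             # unrelated spender
]

if __name__ == "__main__":
    for (token, owner), value in outstanding_approvals(SAMPLE_LOGS, FLAGGED_SPENDER).items():
        print(owner, "still approves", hex(value), "on", token)
    print("revoke:", revoke_calldata(FLAGGED_SPENDER))
```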

Despite the news, the price of Sushi’s governance token fell by only 0.6% in the hour since the incident broke. SushiSwap Head Chef Jared Grey tweeted that they are “working with security teams to mitigate the issue” and are seeking a $3 million legal defense fund from Sushi DAO after the exchange was subpoenaed by the U.S. Securities and Exchange Commission.

This incident serves as a reminder of the importance of regularly checking contracts and addressing vulnerabilities promptly to prevent significant losses for users. It also highlights the need for security measures to protect users from such exploits in the decentralized finance (DeFi) space, which has seen a significant rise in popularity in recent years. As the DeFi industry continues to grow, so does the need for improved security measures to ensure the safety of users’ funds.
