Decentralized exchange (DEX) SushiSwap (SUSHI) has reportedly been hacked for 1,800 Ethereum (ETH) worth about $3.3 million at the time of the exploit.
First spotted by blockchain security firm PeckShield, one of SushiSwap’s approval contracts used for trade routing had an unknown bug that allowed a bad actor to swipe crypto from wallets that had connected to it.
Says PeckShield,
“It seems the SushiSwap RouterProcessor2 contract has an approve-related bug, which leads to the loss of >$3.3M loss (about 1,800 ETH) from @0xSifu
If you have approved https://etherscan.io/address/0x044b75f554b886a065b9567891e45c79542d7357#code, please *REVOKE* ASAP!”
SushiSwap’s “head chef” or CEO Jared Grey acknowledged PeckShield’s post and urged anyone who interacted with the contract to revoke their wallets’ approvals. He recommended using Revoke.Cash, a decentralized application (DApp) that allows users to quickly see all the approvals they’ve given for a wallet, and revoke the permissions if they want to.
According to Grey, a portion of the stolen ETH has already been recovered, and more may be recovered soon afterward.
“We’ve secured a large portion of affected funds in a whitehat security process. If you have performed a whitehat recovery please contact security@sushi.com for next steps.
We’ve confirmed recovery of more than 300 ETH from CoffeeBabe of Sifu’s stolen funds. We’re in contact with Lido’s team regarding 700 more ETH.”
According to SushiSwap’s CTO Matthew Hilley, there is currently no risk associated with using the Sushi protocol.
“There is no risk at this time with using Sushi Protocol, and the UI (user interface). All exposure to RouterProcessor2 has been removed from the front end, and all LPing / current swap activity is safe to do.”
News of the exploit triggered a brief correction for SUSHI as the crypto asset dropped from $1.13 yesteday to a low of $1.07. SUSHI has bounced back since and is trading at $1.11 at time of writing.
Don't Miss a Beat – Subscribe to get email alerts delivered directly to your inboxFeatured Image: Shutterstock/d1sk/Andy Chipus