1,800 $ETH Lost, 100 $ETH Recovered
Multi-chain Decentralized Exchange (DEX) SushiSwap suffered an exploit over the weekend that resulted in the loss of 1,800 $ETH, worth more than $3.3 million.
A white-hat recovery process is ongoing and had secured some 100 $ETH, worth about $180,000, as of Monday.
Sushi's RouteProcessor2 contract has an approval bug; please revoke approval ASAP. We're working with security teams to mitigate the issue. https://t.co/WhXJfa5xD4
— Jared Grey (@jaredgrey) April 9, 2023
Security firm PeckShield flagged the exploit of a bug in Sushi’s “RouteProcessor2” contract early in the morning on Easter Sunday. Apparently, the lost funds belonged to a single trader, @0xSifu.
Sushi Head Chef Jared Grey and other members of the team advised users to immediately revoke RouteProcessor2 token permissions in their wallets. Sushi developer Matthew Lilley said on Sunday afternoon that exposure to the flawed contract had been removed and the DEX and its liquidity pools were safe to use again.
We’re currently all hands on deck working through identifying all addresses that have been affected by the RouterProcessor2 exploit. Several rescues have been initiated, and we are continuing to monitor / rescue funds as they become available.
— I'm Software 🦇🔊 (@MatthewLilley) April 9, 2023
DefiLlama developer @0xngmi said wallets that had Sushi approvals as far back as two weeks ago might be vulnerable to the exploit.
Correction: on some chains the contracts had been deployed for up to 2 weeks, but I'm not sure if they were added to frontend back then or later with all the other deployments
Best to be safe and assume that sushi approvals in last 2 weeks are all vulnerable
— 0xngmi (llamazip arc) (@0xngmi) April 9, 2023
Early Monday morning, the official Sushi account posted a Twitter thread summing up the current status of the exploit and recovery efforts.
🚨 Update on the status of the RouteProcessor2 bug
🧵A summary below on: what happened, what the team is working on and what you can do.
‼️ Also, beware of fake DMs of scammers reaching out to you. SUSHI TEAM/SUPPORT DOES NOT DM FIRST.
Talk to us @ https://t.co/cGda2UVpAh
👇🏻
— Sushi.com (@SushiSwap) April 10, 2023
bsc.news