Search Inside Bitcoins

SushiSwap Bug Leads To $3 Million Loss

Don’t invest unless prepared to lose all the money you invest. This is a high-risk investment, you shouldn’t expect to be protected if something goes wrong.

SushiSwap Bug
SushiSwap Bug

Join Our Telegram channel to stay up to date on breaking news coverage

SushiSwap, a decentralized finance (DeFi) protocol, had a bug in its smart contract that caused losses worth at least $3 million during the early hours of April 9. Blockchain security companies CertiK Alert and Peckshield first reported the news.

In their reports, the security firms revealed an unusual activity concerning Sushi’s Router Processor 2 contract. Notably, the smart contract is responsible for aggregating trade liquidity from different sources. Furthermore, it determines the most favorable price for coin swapping.

Based on the reports, the bug led to losses of up to $3.3 million in just a few hours. Nevertheless, DefiLlama pseudonymous developer 0xngmi, the hack ought to affect the users that swapped in the protocol over the past four days.

SushiSwap Notice To Users

Following the attack, the head developer (“head chef”) at SushiSwap, Jared Grey, called upon users to revoke permissions for all contracts on the protocol. He said:

Sushi’s RouteProcessor2 contract has an approval bug; please revoke approval ASAP. We’re working with security teams to mitigate the issue.

Nevertheless, measures to address the problem have already been rolled out. This includes developing a list of contracts on GitHub with different blockchains requiring revocation.

Grey also noted that more than 300ETH had already been recovered from CoffeeBabe of Sifu’s stolen funds through a white hat security process. Furthermore, they had already reached out to the Lido team concerning 700 more ETH.

It is worth mentioning that the Sushi head developer used Dune as the tool for tracking the exploit.

An Intense Weekend For The Sushi Community

The weekend was eventful for the Sushi community, with Grey and his team providing comments on April 8. These were about the recent United States Securities and Exchange Commission (SEC) subpoena. The head developer at Sushi said:

The SEC’s investigation is a non-public, fact-finding inquiry trying to determine whether there have been any violations of the federal securities laws. To the best of our knowledge, the SEC has not (as of this writing) made any conclusions that anyone affiliated with Sushi has violated United States federal securities laws.

According to Grey, he and the entire Sushi counsel are cooperating with the investigation. Part of the cooperating entailed proposing that the ecosystem set aside a legal defense fund to respond to the subpoena. This proposal was made on Sushi’s governance forum as early as March 21.

Read More:

Join Our Telegram channel to stay up to date on breaking news coverage

Read next