According to various reports, a bug introduced into the Sushiswap decentralized exchange (dex) protocol smart contract has resulted in losses of more than $3 million. Blockchain and smart contract security firm Peckshield explained that the exploited contract was “implemented on multiple blockchains.”
Dex Platform Sushiswap Suffers From Smart Contract Exploitation
Over the weekend, the Sushiswap dex platform saw its RouterProcessor2 contract exploited; the contract is deployed across various blockchain networks. Blockchain security company Certik published an alert after discovering the exploit. Peckshield also updated the crypto community via Twitter, noting that Sushiswap’s “RouterProcessor2 contract has an approval-related bug.” The victim was reported to be a well-known cryptocurrency advocate named Sifu, who allegedly lost 1,800 ether.
Sifu may not have been the only victim, as Certik’s alert mentions that some USDC users may have been affected. “We have detected suspicious activity on (0x15d) which is a rogue router,” Certik tweeted. “Revoke permissions if you have approved this router to spend your tokens. Stay safe. Multiple users who approved the malicious contract saw their USDC transferred to (0x29e). The wallet has taken about $20,000 in the last two hours,” the company added.
A developer known as 0xngmi explained that the exploit should only be a problem for those who used Sushiswap within the last four days. “Only users affected by the Sushiswap hack should be those who traded on Sushiswap in the last 4 days. If you did, please reverse the approvals ASAP or move your funds in the affected wallet to a new wallet,” 0xngmi tweeted. Sushiswap head chef Jared Gray also confirmed the exploit and then detailed that “recovery efforts were underway.”
“We have secured a large portion of the affected funds in a whitehat security process. If you have performed a whitehat recovery, please contact [email protected] for next steps,” Gray said at 9:42 a.m. Eastern Time on April 9. “We have confirmed the recovery of more than 300 ETH of the funds stolen from Coffeebabe of Sifu. We are in contact with the Lido team regarding 700 more ETH,” Gray added. Sushiswap CTO Matthew Lilley followed up later that day and said that there are currently no issues with using the Sushiswap dex platform.
“There is no risk at this time with the use of the Sushi Protocol and the user interface. All exposure to RouterProcessor2 has been removed from the front-end, and all current LPing/exchange activity is secure,” the Sushiswap CTO explained. “We ask that all users double check their approvals, and if an address within this list below has an allocation for any of your tokens, please disapprove ASAP,” Lilley added. Gray recently told the community that the Sushiswap team received a subpoena from the US Securities and Exchange Commission (SEC).
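The approval check that Certik and Lilley ask users to perform can be done over exported ERC-20 `Approval` event logs. The following is an added example, not code from Sushiswap or any of the firms quoted; every address and log entry in it is a constructed placeholder, and the log dictionary layout (`address`, `topics`, `data`, `blockNumber`, `logIndex`) is assumed to follow the usual JSON-RPC log shape.

```python
# keccak256("Approval(address,address,uint256)"), the standard ERC-20 event signature
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"

def topic_to_address(topic):
    """An indexed address is left-padded to 32 bytes; keep the low 20 bytes."""
    return "0x" + topic[-40:].lower()

def live_allowances(logs, flagged_spenders):
    """Return {(token, owner, spender): allowance} for flagged spenders that
    still hold a nonzero allowance after replaying the logs in chain order."""
    flagged = {s.lower() for s in flagged_spenders}
    state = {}
    for log in sorted(logs, key=lambda l: (l["blockNumber"], l["logIndex"])):
        topics = log["topics"]
        # ERC-721 Approval shares topic0 but carries 4 topics; ERC-20 carries 3.
        if len(topics) != 3 or topics[0].lower() != APPROVAL_TOPIC:
            continue
        spender = topic_to_address(topics[2])
        if spender not in flagged:
            continue
        key = (log["address"].lower(), topic_to_address(topics[1]), spender)
        state[key] = int(log["data"], 16)  # a later approval overwrites an earlier one
    return {k: v for k, v in state.items() if v > 0}

# Constructed sample data: every address below is a placeholder, not a real contract.
FLAGGED_ROUTER = "0x" + "aa" * 20
OTHER_ROUTER = "0x" + "bb" * 20
TOKEN_A, TOKEN_B = "0x" + "11" * 20, "0x" + "22" * 20
ALICE, BOB = "0x" + "a1" * 20, "0x" + "b0" * 20

def approval(token, owner, spender, value, block, index):
    """Build a constructed Approval log entry for the sample set."""
    pad = lambda addr: "0x" + addr[2:].rjust(64, "0")
    return {"address": token, "blockNumber": block, "logIndex": index,
            "topics": [APPROVAL_TOPIC, pad(owner), pad(spender)],
            "data": hex(value)}

SAMPLE_LOGS = [
    approval(TOKEN_A, ALICE, FLAGGED_ROUTER, 2**256 - 1, 100, 0),  # unlimited, still live
    approval(TOKEN_B, BOB, FLAGGED_ROUTER, 5000, 101, 2),
    approval(TOKEN_B, BOB, FLAGGED_ROUTER, 0, 105, 1),             # revoked later
    approval(TOKEN_A, BOB, OTHER_ROUTER, 700, 102, 0),             # spender not flagged
]

if __name__ == "__main__":
    for (token, owner, spender), amount in live_allowances(SAMPLE_LOGS, [FLAGGED_ROUTER]).items():
        print(f"REVOKE: owner {owner} token {token} spender {spender} allowance {amount}")
```

Approval logs record the allowance that was set, not what a later `transferFrom` consumed, so the reported figure is an upper bound; confirm with the token's `allowance()` call before and after revoking.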