SushiSwap token allocation exploit drains $3.3M as users urged to revoke token allowances
Apr. 9, 2023
By Liam 'Akiba' Wright
SushiSwap Head Chef Jared Grey has confirmed a bug in the RouterProcessor2, yet 190 ETH has reportedly been recovered
A critical vulnerability has been identified in the DeFi protocol SushiSwap by security firm PeckShield this weekend, with the exploit involving the ‘RouterProcessor2’ contract used for trade routing on the SushiSwap exchange.
“It seems the SushiSwap RouterProcessor2 contact has an approve-related bug, which leads to the loss of >$3.3M loss (about 1800 eth) from 0xSifu,” PeckShield posted on Twitter. SushiSwap head developer Jared Grey confirmed the issue, urging users to revoke permissions for all contracts on SushiSwap as a security measure. The bug has resulted in a loss of over $3.3 million, primarily affecting a single user, 0xsifu, known in the Crypto Twitter community.
Grey stated,
“Sushi’s RouteProcessor2 contract has an approval bug; please revoke approval ASAP. We’re working with security teams to mitigate the issue.”
The exploit appears to have impacted users who approved SushiSwap contracts within the last four days, according to DefiLlama developer 0xngmi. Meanwhile, security teams continue to investigate the issue, track stolen funds, and work to recover affected assets.
Recovery of funds
“Recovery efforts are underway,” said Jared Grey, citing a tweet from MetaSleuth that provided a breakdown of the stolen funds. The first attacker, 0x9deff, returned 90 ETH of the 100 they had stolen, while BlockSec rescued 100 ETH and pledged to return it shortly. Negotiations between sifuvision.eth and c0ffeebabe.eth are in progress, with most stolen funds traced to “beaverbuild, rsync-builder, and Lido: Execution Layer Rewards Vault.”
To read the entire article...Click Here!
