First spotted by blockchain security firm PeckShield, one of SushiSwap’s approval contracts used for trade routing had an unknown bug that allowed a bad actor to swipe crypto from wallets that had connected to it.
“It seems the SushiSwap RouterProcessor2 contract has an approve-related bug, which leads to the loss of >$3.3M loss (about 1,800 ETH) from @0xSifu
If you have approved https://etherscan.io/address/0x044b75f554b886a065b9567891e45c79542d7357#code, please *REVOKE* ASAP!”
SushiSwap’s “head chef” or CEO Jared Grey acknowledged PeckShield’s post and urged anyone who interacted with the contract to revoke their wallets’ approvals. He recommended using Revoke.Cash, a decentralized application (DApp) that allows users to quickly see all the approvals they’ve given for a wallet, and revoke the permissions if they want to.
According to Grey, a portion of the stolen ETH has already been recovered, and more may be recovered soon afterward.
“We’ve secured a large portion of affected funds in a whitehat security process. If you have performed a whitehat recovery please contact email@example.com for next steps.
We’ve confirmed recovery of more than 300 ETH from CoffeeBabe of Sifu’s stolen funds. We’re in contact with Lido’s team regarding 700 more ETH.”
According to SushiSwap’s CTO Matthew Hilley, there is currently no risk associated with using the Sushi protocol.
“There is no risk at this time with using Sushi Protocol, and the UI (user interface). All exposure to RouterProcessor2 has been removed from the front end, and all LPing / current swap activity is safe to do.”
News of the exploit triggered a brief correction for SUSHI as the crypto asset dropped from $1.13 yesteday to a low of $1.07. SUSHI has bounced back since and is trading at $1.11 at time of writing.
Disclaimer: Opinions expressed at The Daily Hodl are not investment advice. Investors should do their due diligence before making any high-risk investments in Bitcoin, cryptocurrency or digital assets. Please be advised that your transfers and trades are at your own risk, and any loses you may incur are your responsibility. The Daily Hodl does not recommend the buying or selling of any cryptocurrencies or digital assets, nor is The Daily Hodl an investment advisor. Please note that The Daily Hodl participates in affiliate marketing.
Featured Image: Shutterstock/d1sk/Andy Chipus