SushiSwap Exchange Suffers Major $3.3 Million Smart Contract Hack – Here’s What Happened
SushiSwap, a well-known decentralised exchange (DEX) platform, lost more than $3.3 million as a result of a hacker taking advantage of a flaw in a smart contract.
More precisely, the DEX witnessed the distribution of its RouteProcess02 contract, a smart contract that gathers trade liquidity from many sources and determines the most advantageous price for exchanging currencies, across several blockchain networks.
The internal swap() function will use swapUniV3() to set the variable “lastCalledPool ” which is at storage slot 0x00, according to a tweet from crypto security company Ancilia. Subsequently, the swap callback method bypasses the permission check.
Only users who switched in the protocol over the last four days, according to DefiLlama pseudonymous coder 0xngmi, should be impacted by the breach.
“Only users who have exchanged on Sushiswap in the recent four days should be affected by the attack. If you did, immediately reverse approvals or transfer your money from the impacted wallet to another one’, 0xngmi tweeted.
The hack has so far affected at least one person. The victim, a well-known crypto supporter by the name of Sifu, apparently lost 1,800 ETH, which is equivalent to roughly $3.3 million.
According to Jared Grey, the principal developer for Sushi, “Sushi’s RouteProcessor2 contract has an approval problem; please remove approval Quickly.” users are being advised to revoke rights for all contracts on the protocol.
In order to solve the issue, he also compiled a list of contracts on GitHub that use several blockchains and call for revocation. It is noteworthy that the weak contract is also installed on Polygon, a well-liked Ethereum layer-2 solution.
SushiSwap Recovers a “Large Portion” of Stolen Funds
By the use of white hat security techniques, the SushiSwap team was able to retrieve a sizable percentage of the monies that were taken.
“We’ve used a whitehat security procedure to safeguard a significant chunk of the impacted monies. Grey started at 9:42 a.m. Eastern Time on April 9 that “if you have done a whitehat recovery, please contact security@sushi.com for future actions.”
Matthew Lilley, CTO of Sushiswap, responded later in the day and indicated there aren’t any problems right now with using the Sushiswap dex platform. All front end exposure to RouterProcessor2 has been eliminated, and it is safe to engage in any LPing or current swapping activities, he continued.
After the US Securities and Exchange Commission’s recent subpoenaing of Sushi DAO and Grey, the current hack coincides with heightened regulatory scrutiny of the DEX.
The organisation made the subpoena public on March 21 by submitting a request to the Sushi DAO for the creation of a legal defence fund to pay for potential legal fees.
The SEC’s investigation is a non-public, fact-finding inquiry trying to ascertain whether there have been any violations of the federal securities laws, according to a statement made by Grey about the subpoena over the weekend.
Smart contract development requires specific knowledge of blockchain technology, which our developers possess. We know how to design and implement effective code that utilizes the latest technologies to reach the desired result. Furthermore, we have extensive experience in deploying various blockchain protocols such as Hyperledger Fabric, Quorum, Corda, R3, and Stellar – ensuring that your project will be built with the most suitable protocol for your needs.