SushiSwap Suffers $3.3M exploit, Some Funds Recovered

Photo - SushiSwap Suffers $3.3M exploit, Some Funds Recovered
SushiSwap, a decentralized finance protocol (DeFi), lost over $3 million on April 9 due to a smart contract bug.
Let's move on to another exploit. This time on SushiSwap, which lets you trade without registering. 

As a result, the company tweeted a warning to “beware of an exploitable 
SushiSwap RouteProcess02 contract which has been deployed to multiple chains” while also listing the affected contract addresses.
Source: CertiKAlert Twitter

Source: CertiKAlert Twitter

A similar tweet was made by PeckShield Inc, a blockchain security and data analytics company. “It seems the SushiSwap RouterProcessor3 contract has an approv-related bug, which leads to the loss of over $3.3M (about 1800 eth) from @0xSifu,” the company tweeted.
Source: PeckShield In Twitter

Source: PeckShield In Twitter

Jared Grey, Sushi’s head developer, confirmed the exploit and urged users to revoke permissions for all contracts on the protocol while also creating a list of contracts on GitHub with different blockchains requiring revocation.

Subsequently, he claimed that a ”large portion of affected funds” were recovered. 
“We’ve confirmed the recovery of more than 300ETH from CoffeeBabe of Sifu’s stolen funds. We’re in contact with Lido’s team regarding 700 more ETH,” he stated.
Source: Jared Grey’s Twitter

Source: Jared Grey’s Twitter

A short time later, he tweeted that the incident had been resolved, saying that it was now safe to swap/trade on Sushi and that the exploited contract had been removed.
Source: Jared Grey’s Twitter

Source: Jared Grey’s Twitter

The exploit was discovered after Grey and his attorney responded to a subpoena from the U.S. Securities and Exchange Commission (SEC).

“The SEC’s investigation is a non-public, fact-finding inquiry trying to determine whether there have been any violations of the federal securities laws. To the best of our knowledge, the SEC has not (as of this writing) made any conclusions that anyone affiliated with Sushi has violated United States federal securities laws,” Grey stated.

Previously, GNCrypto reported about the Arbitrum Discord channel’s hack.