SushiSwap Suffers $3.3M Exploit, Some Funds Recovered

SushiSwap, a decentralized finance (DeFi) protocol, lost over $3 million on April 9 due to a smart contract bug.
Let's move on to another exploit, this time on SushiSwap, which lets you trade without registering.

As a result, CertiK tweeted a warning to “beware of an exploitable SushiSwap RouteProcess02 contract which has been deployed to multiple chains” while also listing the affected contract addresses.
Source: CertiKAlert Twitter

A similar tweet was made by PeckShield Inc, a blockchain security and data analytics company. “It seems the SushiSwap RouterProcessor3 contract has an approve-related bug, which leads to the loss of over $3.3M (about 1800 eth) from @0xSifu,” the company tweeted.
Source: PeckShield Inc Twitter

Jared Grey, Sushi’s head developer, confirmed the exploit and urged users to revoke permissions for all contracts on the protocol while also creating a list of contracts on GitHub with different blockchains requiring revocation.

Subsequently, he claimed that a “large portion of affected funds” were recovered.
“We’ve confirmed the recovery of more than 300ETH from CoffeeBabe of Sifu’s stolen funds. We’re in contact with Lido’s team regarding 700 more ETH,” he stated.
Source: Jared Grey’s Twitter

A short time later, he tweeted that the incident had been resolved, saying that it was now safe to swap/trade on Sushi and that the exploited contract had been removed.
Source: Jared Grey’s Twitter

The exploit was discovered after Grey and his attorney responded to a subpoena from the U.S. Securities and Exchange Commission (SEC).

“The SEC’s investigation is a non-public, fact-finding inquiry trying to determine whether there have been any violations of the federal securities laws. To the best of our knowledge, the SEC has not (as of this writing) made any conclusions that anyone affiliated with Sushi has violated United States federal securities laws,” Grey stated.

Previously, Gagarin News reported on the hack of the Arbitrum Discord channel.