Hacking exploits on decentralized exchanges (DEXs) are on the rise, with SushiSwap reportedly the latest victim following an exploit of its smart contract resulting in the loss of over $3.3 billion. Before distributing the token across several blockchain protocols, the attacker tampered with the platform’s asset-swapping system.
Hackers Attack SushiSwap’s Smart Contract Protocol
According to reports, the decentralized exchange saw its RouteProcess02 smart contract exploited while the hacker moved the proceeds to different blockchain networks. The smart contract aggregates trade liquidity from several sources and identify the ideal token swap price on the SushiSwap platform.
According to a top crypto security firm, Ancilia, the cause of the attack was triggered by the internal swap function after the hacker had successfully bypassed the swap3callback feature. Similarly, a developer with the famous blockchain analytic firm DefilLlama, who uses the pseudonym 0xngmi, noted that the recent exploit affected only users who have already used the swapping service on the protocol in the last four days.
He suggested that affected users revert their approvals immediately or transfer their funds from the affected wallet to a new one. However, one user was reportedly the only victim of the hack. The user claimed to have lost 1,800 ETH valued at nearly $3.4 million (using the current conversion rate).
Jared Grey, the lead developer at SushiSwap, urged users to cancel all approved permissions for contracts on the network, adding that the platform contract is affected by an approval bug. Grey also created a detailed list of contracts on GitHub having different blockchains, which requires reversal to help address the problem.
Reports claim the vulnerable contract has been deployed on the Ethereum Layer-2 scaling solutions, Polygon.
Stolen Funds Recovered
Per reports, the SushiSwap team has recovered a significant part of the stolen assets via a white hat security procedure. Grey revealed that they have managed to secure a large portion of the stolen funds through a Whitehat security process, with the official calling on experts in this field to contact the network.
The protocol’s CTO, Matthew Lilley, revealed in a follow-up statement that there is no problem with the SushiSwap DEX and that users can continue using the platform. He added that all exposures to RouterProcessor2 have been addressed, and token swap activities are safe.
As a leading asset-swapping platform in the crypto industry, SushiSwap is coming under increased regulatory scrutiny after the US Securities and Exchange Commission (SEC) served a subpoena to Sushi DAO and the network’s lead developer. During the weekend, Grey released a statement addressing the SEC’s subpoena, claiming that the regulator’s probe is a non-public investigation to determine whether SushiSwap violated US federal securities laws.
Grey added that the SEC has yet to conclude that any individual or entity affiliated with Sushi has failed to comply with US securities guidelines.
SureTradeGroup.com is not responsible for the content, accuracy, quality, advertising, products or any other content posted on the site. Some of the content on this site is paid content that is not written or posted by our writers or editors and the opinions expressed do not reflect the opinions of this website. Any disagreement you may have with brands or companies mentioned in articles will need to be taken care of directly with those specific brands and companies. The responsibility of anyone who may click links in our articles and ultimately sign up for that product or service is their own. Forex, Stocks, Cryptocurrencies, NFTs and Dogital Tokens are all a high-risk asset, investing in them can lead to losses. Readers should do their own research before taking any action.