SushiSwap DeFi Protocol Loses $3 Million in Exploit, Here’s What is Known About It

SushiSwap, a DeFi protocol, was exploited over the weekend that resulted in the loss of $3.3 million (roughly Rs. 27.03 crore). As per blockchain firms CertiK and Peckshield, a smart contract around function approvals was exploited by hackers to facilitate this attack on April 9. Researchers have claimed that SushiSwap users who engaged with the protocol between April 4 and April 9 were most likely to have been affected as part of this attack.

The smart contract that aggregates trade liquidity from multiple sources and identifies the most favourable price for swapping coins was targeted by the hackers, Cointelegraph said in a report.

It seems the @SushiSwap RouterProcessor2 contact has an approve-related bug, which leads to the loss of >$3.3M loss (about 1800 eth) from @0xSifu.

If you have approved, please *REVOKE* ASAP!

One example hack tx:

— PeckShield Inc. (@peckshield) April 9, 2023

Jared Grey, the head developer of SushiSwap has suggested all protocol users to pull back permissions for all contracts of the Ethereum-built protocol.

We’ve secured a large portion of affected funds in a whitehat security process. If you have performed a whitehat recovery please contact for next steps.

— Jared Grey (@jaredgrey) April 9, 2023

Grey has however suggested people to avoid engaging with the protocol for the time being.

Check your addresses with this tool:

— Jared Grey (@jaredgrey) April 9, 2023

This exploit marks the second biggest hack attack in the DeFi space this year so far.

In March, DeFi lending protocol Euler Finance lost at least $177.6 million (roughly Rs. 1,455 crore) in an exploit.

Hackers who target DeFi protocols often identify vulnerabilities in the open-source nature of the platform’s code to gain unauthorised access.

Earlier last week, the US Treasury department sounded an alert that DeFi services are being severely misused to process illegal transfers. In its recent illicit finance risk assessment on decentralised finance, the Treasury found that notorious actors are exploiting vulnerabilities in the usual anti-money laundering and combating the financing of terrorism (AML/CFT) regulation.

DeFi services that fail to comply with these obligations to prevent money laundering and terrorism financing pose the most significant illicit finance risk in this domain, the assessment found.

In 2022, an array of hack attacks on DeFi protocols resulted in the loss of $3.8 billion (nearly Rs. 31,100 crore), a recent report by Chainalysis had said.

As of January this year, financial losses incurred due to crypto exploits dropped by 93 percent, as compared to the same month last year, a report by PeckShield stated in February.

Smartphone companies have launched many compelling devices over the first quarter of 2023. What are some of the best phones launched in 2023 you can buy today? We discuss this on Orbital, the Gadgets 360 podcast. Orbital is available on Spotify, Gaana, JioSaavn, Google Podcasts, Apple Podcasts, Amazon Music and wherever you get your podcasts.

What do you think?

Written by

Leave a Reply

Your email address will not be published. Required fields are marked *

GIPHY App Key not set. Please check settings

Contempt case: Filmmaker Vivek Agnihotri tenders apology in Delhi HC, discharged

Get Ready to Upgrade to Samsung Galaxy A34 5G: Exciting Launch Offers Make #AwesomeIsForEveryone a Reality!

Get Ready to Upgrade to Samsung Galaxy A34 5G: Exciting Launch Offers Make #AwesomeIsForEveryone a Reality!