BTC

$63755.294

2.96%

ETH

$3135.101

1.82%

BNB

$588.683

1.53%

XRP

$0.534

1.32%

Scam Alert

SushiSwap Hacked, Causing Personal Damage $3.3 Million

April 9, 2023 - Around 2 mins mins to read
Key Points:
  • SushiSwap was the victim of an exploit that cost at least one user more than $3.3 million.
  • The attack makes use of a RouterProcessor2 contract approve-related issue.
  • SushiSwap users who have exchanged in the previous four days may be impacted.
The SushiSwap decentralized exchange has just been hacked. Notably, an individual named 0xSifu has suffered damages of up to $3.3 million.
SushiSwap Hacked, Causing Personal Damage $3.3 Million

The attack takes use of an approve-related issue in the RouterProcessor2 contract, which PeckShield and SushiSwap Head Chef Jared Gray advise revoking on all chains.

This flaw enables an unauthorized party (hacker) to take tokens without the approval of the owner.

At first, a 100 ETH assault surfaced, which everyone assumed was the work of a white hat hacker.

However, shortly after, another hacker continued the chain of assault by mining 1,800 ETH using a similar smart contract but under the name “notyoink.”

According to @0xngmi, a DeFi Llama member, only individuals that switched on SushiSwap during the previous four days were related. DeFi Llama has also provided a list of contracts that must be canceled across all chains, as well as an add-on tool for determining which user wallet addresses are engaged.

Ancilia says that the main reason is that in the internal swap() method, it will use swapUniV3() to set the variable “lastCalledPool,” which is at storage slot 0x00.

The cybersecurity account shows that further in the swap3callback function, the permission check is circumvented.

SUSHI’s price was unaffected by this news, currently trading at $1,069.

SushiSwap Hacked, Causing Personal Damage $3.3 Million

As Coincu reported, the Securities and Exchange Commission (SEC) issued a subpoena to SushiSwap Head Chef Jared Grey, requesting papers and information on Sushi. In response to the SEC’s demand, Jared engaged lawyers to defend himself, and he is working on the inquiry. The investigation is a non-public fact-finding inquiry to investigate if any breaches of federal securities laws have occurred, and the SEC has not reached any findings.

DISCLAIMER: The Information on this website is provided as general market commentary and does not constitute investment advice. We encourage you to do your own research before investing.

Join us to keep track of news: https://linktr.ee/coincu

Harold

Coincu News

hack

Jared Gray

RouterProcessor2

SUSHI

sushiswap

Avatar of Harold

Author

Harold

With a passion for untangling the complexities of the financial world, I've spent over four years in financial journalism, covering everything from traditional equities to the cutting edge of venture capital. "The financial markets are a fascinating puzzle," I often say, "and I love helping people make sense of them." That's what drives me to bring clear and insightful financial journalism to the readers of Coincu.
Scam Alert

SushiSwap Hacked, Causing Personal Damage $3.3 Million

Key Points:
  • SushiSwap was the victim of an exploit that cost at least one user more than $3.3 million.
  • The attack makes use of a RouterProcessor2 contract approve-related issue.
  • SushiSwap users who have exchanged in the previous four days may be impacted.
The SushiSwap decentralized exchange has just been hacked. Notably, an individual named 0xSifu has suffered damages of up to $3.3 million.
SushiSwap Hacked, Causing Personal Damage $3.3 Million

The attack takes use of an approve-related issue in the RouterProcessor2 contract, which PeckShield and SushiSwap Head Chef Jared Gray advise revoking on all chains.

This flaw enables an unauthorized party (hacker) to take tokens without the approval of the owner.

At first, a 100 ETH assault surfaced, which everyone assumed was the work of a white hat hacker.

However, shortly after, another hacker continued the chain of assault by mining 1,800 ETH using a similar smart contract but under the name “notyoink.”

According to @0xngmi, a DeFi Llama member, only individuals that switched on SushiSwap during the previous four days were related. DeFi Llama has also provided a list of contracts that must be canceled across all chains, as well as an add-on tool for determining which user wallet addresses are engaged.

Ancilia says that the main reason is that in the internal swap() method, it will use swapUniV3() to set the variable “lastCalledPool,” which is at storage slot 0x00.

The cybersecurity account shows that further in the swap3callback function, the permission check is circumvented.

SUSHI’s price was unaffected by this news, currently trading at $1,069.

SushiSwap Hacked, Causing Personal Damage $3.3 Million

As Coincu reported, the Securities and Exchange Commission (SEC) issued a subpoena to SushiSwap Head Chef Jared Grey, requesting papers and information on Sushi. In response to the SEC’s demand, Jared engaged lawyers to defend himself, and he is working on the inquiry. The investigation is a non-public fact-finding inquiry to investigate if any breaches of federal securities laws have occurred, and the SEC has not reached any findings.

DISCLAIMER: The Information on this website is provided as general market commentary and does not constitute investment advice. We encourage you to do your own research before investing.

Join us to keep track of news: https://linktr.ee/coincu

Harold

Coincu News

Visited 84 times, 1 visit(s) today