{"id":19663,"date":"2023-04-10T04:07:01","date_gmt":"2023-04-10T04:07:01","guid":{"rendered":"https:\/\/crowdfundjunction.com\/blog\/sushiswap-smart-contract-bug-results-in-over-3m-in-losses-head-chef-says-hundreds-of-eth-recovered-defi-bitcoin-news\/"},"modified":"2023-04-10T04:07:01","modified_gmt":"2023-04-10T04:07:01","slug":"sushiswap-smart-contract-bug-results-in-over-3m-in-losses-head-chef-says-hundreds-of-eth-recovered-defi-bitcoin-news","status":"publish","type":"post","link":"https:\/\/crowdfundjunction.com\/blog\/sushiswap-smart-contract-bug-results-in-over-3m-in-losses-head-chef-says-hundreds-of-eth-recovered-defi-bitcoin-news\/","title":{"rendered":"Sushiswap Smart Contract Bug Results in Over $3M in Losses; Head Chef Says Hundreds of ETH Recovered \u2013 Defi Bitcoin News"},"content":{"rendered":"

(Originally posted on : Bitcoin News )<\/b>
\n<\/p>\n

\n
\n<\/header>\n
\n\n<\/div>\n

According to several reports, a bug introduced to the decentralized exchange (dex) protocol Sushiswap\u2019s smart contract has resulted in more than $3 million in losses. The blockchain and smart contract security firm Peckshield explained the exploited contract was \u201cdeployed in multiple blockchains.\u201d<\/strong><\/p>\n

Dex Platform Sushiswap Suffers From Smart Contract Exploit<\/h2>\n

Over the weekend, the dex platform Sushiswap saw its RouteProcess02 contract exploited and then distributed across various blockchain networks. Blockchain security firm Certik published<\/a> an alert after discovering the exploit. The company Peckshield also updated<\/a> the crypto community via Twitter, noting that Sushiswap\u2019s \u201cRouterProcessor2 contract has an approve-related bug.\u201d It has also been reported that the victim was a well-known crypto advocate called Sifu<\/a>, who reportedly lost 1,800 ether.<\/p>\n

Sifu may not have been the only victim, as Certik\u2019s alert mentions that a few USDC users may have been affected. \u201cWe have detected suspicious activity on [0x15d], which is a malicious router,\u201d Certik tweeted<\/a>. \u201cRevoke permissions if you have approved this router to spend your tokens. Stay safe. Multiple users who had approved the malicious contract have seen their USDC being transferred to [0x29e]. The wallet has taken about $20,000 in the last two hours,\u201d the company added<\/a>.<\/p>\n

A developer known as 0xngmi has detailed that the exploit should only be problematic for those who used Sushiswap during the last four days. \u201cOnly users impacted by Sushiswap hack should be those that swapped on Sushiswap in the last 4 days. If you did so, revert approvals ASAP or move your funds in the affected wallet to a new wallet,\u201d 0xngmi tweeted. Sushiswap\u2019s head chef Jared Grey also confirmed<\/a> the exploit and later detailed<\/a> that \u201crecovery efforts were underway.\u201d<\/p>\n

\u201cWe\u2019ve secured a large portion of affected funds in a whitehat security process. If you have performed a whitehat recovery please contact security@sushi.com for next steps,\u201d Grey said<\/a> at 9:42 a.m. Eastern Time on April 9. \u201cWe\u2019ve confirmed recovery of more than 300 ETH<\/a> from Coffeebabe of Sifu\u2019s stolen funds. We\u2019re in contact with Lido\u2019s team regarding 700 more ETH<\/a>,\u201d Grey added<\/a>. Sushiswap\u2019s CTO, Matthew Lilley, followed up later in the day and said<\/a> that there are currently no issues with using the Sushiswap dex platform.<\/p>\n

\u201cThere is no risk at this time with using Sushi Protocol, and the UI. All exposure to RouterProcessor2 has been removed from the front end, and all LPing \/ current swap activity is safe to do,\u201d the Sushiswap CTO explained. \u201cWe do ask that all users double-check their approvals, and if an address within this list below has an allowance for any of your tokens to please unapprove as soon as you can,\u201d Lilley added<\/a>. Just recently, Grey told the community that the Sushiswap team received a subpoena<\/a> from the U.S. Securities and Exchange Commission (SEC).<\/p>\n

\n
\nTags in this story
\n<\/h6>\n
2023 defi hack<\/a>, Advocate<\/a>, approval<\/a>, Blockchain<\/a>, certik<\/a>, Coffeebabe<\/a>, Crypto<\/a>, CTO<\/a>, decentralized exchange<\/a>, decentralized finance<\/a>, DeFi<\/a>, Defi Hack<\/a>, DEX<\/a>, ether<\/a>, Exploit<\/a>, Funds<\/a>, Hacker<\/a>, Head Chef<\/a>, Jared Grey<\/a>, Lido<\/a>, LPing<\/a>, Matthew Lilley<\/a>, Peckshield<\/a>, recovery<\/a>, RouteProcess02<\/a>, RouterProcessor2<\/a>, SEC<\/a>, Security<\/a>, Sifu<\/a>, Smart Contract<\/a>, Subpoena<\/a>, Sushi Protocol<\/a>, Sushiswap<\/a>, swap<\/a>, UI<\/a>, USDC<\/a>, Vulnerability<\/a>, vulnerability disclosure<\/a>, whitehat<\/a><\/div>\n<\/div>\n

What do you think can be done to prevent smart contract bugs like this in the future? Share your thoughts in the comments below.<\/strong><\/em><\/p>\n

\n
\n\n<\/div>\n
\n
\nJamie Redman <\/h6>\n

\nJamie Redman is the News Lead at Bitcoin.com News and a financial tech journalist living in Florida. Redman has been an active member of the cryptocurrency community since 2011. He has a passion for Bitcoin, open-source code, and decentralized applications. Since September 2015, Redman has written more than 6,000 articles for Bitcoin.com News about the disruptive protocols emerging today.

\n
\n
\n<\/a>
\n<\/span>\n<\/p>\n<\/div>\n<\/div>\n

Image Credits<\/b>: Shutterstock, Pixabay, Wiki Commons<\/em><\/p>\n

\n

Disclaimer<\/strong>: This article is for informational purposes only. It is not a direct offer or solicitation of an offer to buy or sell, or a recommendation or endorsement of any products, services, or companies. Bitcoin.com<\/a> does not provide investment, tax, legal, or accounting advice. Neither the company nor the author is responsible, directly or indirectly, for any damage or loss caused or alleged to be caused by or in connection with the use of or reliance on any content, goods or services mentioned in this article.<\/p>\n<\/div>\n

\n