SushiSwap fails – The decentralized finance is boiling this Sunday. SushiSwap was the victim of a hack which resulted in – at least – the loss of 3.3 million dollars. The outcome of the hack, still uncertain, is bitter. Explanations.
SushiSwap hack: a weekend that turns sour
The hack is still recent and all the details of the case are not yet available to us. However, here is what we know so far. The cause of the hack first. It would come from a bug related to approval on the RouterProcessor2 contract,After PeckShield.
“It appears that the SushiSwap RouterProcessor2 contract has an approval bug, resulting in the loss of over $3.3 million”
Peckshield – Source : Twitter
This flaw allowed the attacker to interfere in the process and hijack cryptocurrencies without permission, without approval. As a reminder, the approval (Token Approval) is a mechanism for giving a third party permission to transfer your tokens. Unfortunately, this can also pave the way for scams and significant financial losses. To dig deeper into this topic, we recommend this article: token approval: the Achilles heel of your cryptocurrencies.
A first hacker discovered this flaw and stole 100 ETH. The sum being minimal, it is possible that it is a white hat hacker because 90 ETH have already been returned. However, a second hacker also found the recipe and stole 1800 ETH, or $3.3 million au current price of etherto @Oxsifu, a sometimes-critical member of the crypto community.
“Sushi’s RouteProcessor2 contract has an approval bug; please revoke the approval as soon as possible. We are working with security teams to mitigate the issue.”
>> Need to store your cryptocurrency safely? Ledger offers you $20 in BTC for the purchase of a Nano S Plus key (commercial link) <<
Are you affected by the hack?
Caution remains in order at this time. However, some healthy information and gestures are worth remembering here. Although the attack did some damage, only users who interacted with the decentralized exchange in the past four days appear to be affected. However, over 190 Ethereum addresses endorsed the problematic contract, and over 2000 addresses on Layer 2 Arbitrum apparently endorsed the wrong contract as well. For those who have been affected, there is enough to have a feeling of indigestion. All these contracts plagued by hackers must therefore be revoked.
Two tools are available to users to find out if they are among the victims:
- A list of addresses ShushiSwap compromised has already been published by DeFiLlama member Oxngmi;
- And lien to check if one of your addresses is affected is also available.
DeFi hacks are commonplace – like the recent Euler Finance hack – and remind us all too of the importance of our security. While SushiSwap currently confirms that it is working on the resolution of this flaw and that the case is still on fire, an outcome is awaited. To be continued.
Disasters and hacks don’t just happen to others! It is better never to entrust the security of your cryptocurrencies to a third party. To sleep with peace of mind, equip yourself with a secure hardware wallet. Ledger, offers you up to $30 in BTC for the purchase of a Nano key. Your security is priceless (commercial link).