SushiSwap Recovers $186K in Ether After $3.3M Exploit

DeFi exchange SushiSwap recovered ether worth $186,000 that was drained by a hacker from the wallet of @0xsifu, a popular trader in Crypto Twitter circles and a Sushi user, CoinDesk reported, citing tweets from multiple security firms.

The platform suffered a $3.3 million exploit this weekend, BlockSec security firm tweeted early yesterday morning. The attacker targeted a weakness in the ‘RouterProcessor2’ contract, which users deploy to route trades on the exchange.

Protocol is working on retrieval plan

BlockSec recovered 100 ether worth approximately $186,000 on Sunday after detecting malicious activity. The firm intercepted a transaction between @0xsifu’s wallet and the attacker’s wallet. BlockSec could save some of the funds as a result.

The DeFi exchange’s lead developer, Jared Grey, told CoinDesk SushiSwap was working on a plan to recover the stolen funds and compensate the affected user. He assured the team was making every effort not only to recover the assets, but also to mitigate further risk.

Novelty: an “approve-related” bug

According to blockchain sleuth PeckShield, the SushiSwap RouterProcessor2 contract had an “approve-related” bug, which resulted in the $3.3 million exploit.

So far, more than 2,000 addresses on Layer 2 blockchain Arbitrum and almost 200 Ethereum Mainnet addresses have approved the contract that enabled the SushiSwap exploit this weekend.

According to DefiLlama, the exploit only seemed to affect users who had approved SushiSwap contracts in the last few days.

Attacks are getting more ingenious

Crypto hacks are getting more ingenious, including the SushiSwap one, even though it doesn’t even approximate the biggest hacks in history.

Regrettably, as security and regulation improve, cybercriminals are finding new and novel ways to exploit vulnerabilities and make away with millions, sometimes even hundreds of millions. White hat hackers are helping Sushi recover the user’s lost funds, but it might take some time.