Key takeaways:
- SushiSwap was the target of a scam.
- Users engaged with the decentralized exchange in the previous four days appear to be impacted by the hack.
SushiSwap, a Twitter account known as 0xSifu, suffered a loss of more than $3.3 million after a decentralized exchange called SushiSwap became the victim of an exploit.
This vulnerability is primarily affecting the ‘RouterProcessor2’ contract, which manages the transaction routing on the SushiSwap exchange, which is impacted by the vulnerability.
The main reason, said Ancilia, Inc., and in technical terms, “is that in the internal swap() method, it will use swapUniV3() to set variable “lastCalledPool” which is at storage slot 0x00.” There was a report that the permission check was bypassed in the swap3callback function later on, according to the cybersecurity account. On Sunday morning in Asia, security company PeckShield raised an alert that Sushi developers later validated.
“It seems the SushiSwap RouterProcessor2 contact has an approve-related bug, which leads to the loss of >$3.3M loss,”
Only users who exchanged on SushiSwap over the previous four days, according to DeFi Llama’s @0xngmi, should be impacted. They have developed a tool to see whether any of your addresses have been impacted and published a list of contracts from all chains that should be canceled.
Although the organization was “working with security teams to mitigate the issue,” SushiSwap chief developer Jared Grey encouraged users to remove permissions for all contracts on the platform as a precaution.
SushiSwap CEO Jared Grey had received a barrage of charges dating back to October. In 2019, Grey was accused of stealing money from the cryptocurrency community via a project called ALQO. In addition, Grey had been accused of using the wallet Liberio to take 70% of the entire supply of coins, according to the accusations.
The SEC recently served a subpoena on a decentralized cryptocurrency exchange, probably due to problems with its native token, Sushi. The SEC has taken a number of enforcement steps in recent months, including fining cryptocurrency exchange Kraken for its staking service and bringing legal action against Do Kwon, the founder, and CEO of Terraform Labs, for suspected securities fraud. Among the countless actions that have taken place over the past few months, the subpoena is but the most recent.
