Over the weekend, decentralized exchange SushiSwap became the latest victim of a hack after its ‘RouterProcessor2’ contract was exploited, with the attacker draining more than $3.3 million in ETH from one user called Sifu, who is well known on crypto Twitter.
Blockchain security company PeckShield tweeted that the exploiters targeted several chains on which the affected smart contract runs, including Avalanche, Binance Smart Chain, Ethereum, and Fantom. The firm advised all SushiSwap users to invalidate permissions granted to the protocol’s contracts.
SushiSwap CEO Jared Gray retweeted PeckShield’s tweet to confirm the exploit and reiterated the security firm’s recommendation that users revoke permissions.
SushiSwap Initiates Funds Recovery Process
Yesterday, SushiSwap Chief Technology Officer (CTO) Matthew Lilley took to Twitter to inform users that the decentralized exchange’s team was working hard to identify all the affected addresses and that it had initiated a rescue mission to recover the stolen funds.
Lilley also said SushiSwap was safe to use since the firm had managed to remove exposure to RouterProcessor2 from the front end. In addition, the CTO provided a link to a tool to help users assess whether they had permitted RouterProcessor2 to access their funds.
SushiSwap’s CEO reported on Sunday evening that the firm had recovered about 300 ETH, with over 650 ETH in process. Meanwhile, the crypto visualization service MetaSleuth tweeted that the first attacker, named 0x9deff, had returned only 90 ETH of the stolen 100, while security company BlockSec recovered 100 ETH.
MetaSleuth also revealed that most of the stolen funds were transferred to Beaverbuild and Lido Finance protocols.
Despite the attack, SushiSwap’s native token, SUSHI, is up 2.6% in the past 24 hours to trade at $1.11 as of this writing, according to data from CoinGecko.
Other Attacks on DeFi Protocols This Year
The attack on SushiSwap is one of two that happened last week. Lending and borrowing protocol Sentiment was targeted last Tuesday, with hackers stealing over $1 million. According to developer Immaddin Amsif, the attacker managed to execute the exploit by calling a self-destruct function on the protocol’s smart contract.
In an effort to recover the funds, the protocol offered the attacker a $95,000 reward to return the money.
MetaMask developer Taylor Monahan claims that the attacker has so far returned about $790,000, although Sentiment has not reported receiving any funds.
Another DeFi protocol that has been attacked this year is Euler Finance. The hacker carried out four transactions that saw the platform lose over $196 million. Euler initiated recovery efforts by sending on-chain messages to the attacker seeking to negotiate. The hacker agreed to return the funds a few weeks ago following a $1 million bounty.
That said, these attacks show the importance of DeFi projects adopting proper security measures and regularly monitoring their systems.