SushiSwap Exchange Suffers Major $3.3 Million Smart Contract Hack – Here's What Happened
DEX platform SushiSwap has suffered more than $3.3 million in losses after a hacker exploited a bug in a smart contract.
Popular decentralized exchange (DEX) platform SushiSwap has suffered more than $3.3 million in losses after a hacker exploited a bug in a smart contract.
More specifically, the DEX saw its RouteProcessor2 contract, a smart contract that aggregates trade liquidity from multiple sources and identifies the most favorable price for swapping coins, exploited and then distributed across various blockchain networks.
“Root cause is because in the internal swap() function, it will call swapUniV3() to set variable ‘lastCalledPool’ which is at storage slot 0x00,” crypto security firm Ancilia said in a tweet. “Later on in the swap3callback function the permission check gets bypassed.”
DefiLlama pseudonymous developer 0xngmi suggested that only users who had swapped in the protocol during the past four days should be affected by the hack.
“Only users impacted by Sushiswap hack should be those that swapped on Sushiswap in the last 4 days. If you did so, revert approvals ASAP or move your funds in the affected wallet to a new wallet,” 0xngmi tweeted.
At least one user has fallen victim to the hack so far. The victim, who is a well-known crypto advocate called Sifu, reportedly lost 1,800 ETH (worth around $3.3 million).
Meanwhile, Sushi’s lead developer, Jared Grey, has urged users to revoke permissions for all contracts on the protocol, stating, “Sushi’s RouteProcessor2 contract has an approval bug; please revoke approval ASAP.”
He also created a list of contracts on GitHub with different blockchains requiring revocation to address the problem. Notably, the vulnerable contract is also deployed on Polygon, a popular Ethereum layer-2 solution.
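The revocation advice above can be checked mechanically. The following is an added example, not code from the article or from the Sushi team: it scans ERC-20 `Approval` logs for allowances still granted to a flagged spender and builds the `approve(spender, 0)` calldata that revokes them. `FLAGGED_SPENDER`, the token and owner addresses, and the sample logs are constructed placeholders; the real per-chain contract addresses come from the project's published list.

```python
# Added example (not SushiSwap's code): audit ERC-20 Approval logs for a flagged spender.
APPROVAL_TOPIC0 = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
APPROVE_SELECTOR = "095ea7b3"  # approve(address,uint256)
MAX_UINT256 = 2**256 - 1
# Placeholder (assumption); take real per-chain addresses from the project's list.
FLAGGED_SPENDER = "0x" + "ee" * 20

def topic_to_address(topic):
    """An indexed address is left-padded to 32 bytes; keep the last 20."""
    return "0x" + topic[-40:].lower()

def live_allowances(logs, flagged_spender):
    """Return {(token, owner): amount} for non-zero allowances to the spender.
    The latest Approval per (token, owner) wins. It is an upper bound, since
    transferFrom may lower it; confirm with allowance() before acting."""
    latest = {}
    for log in sorted(logs, key=lambda l: (l["blockNumber"], l["logIndex"])):
        topics = log["topics"]
        # ERC-20 Approval has 3 topics; ERC-721 Approval has 4 and is skipped.
        if len(topics) != 3 or topics[0].lower() != APPROVAL_TOPIC0:
            continue
        if topic_to_address(topics[2]) != flagged_spender.lower():
            continue
        key = (log["address"].lower(), topic_to_address(topics[1]))
        latest[key] = int(log["data"], 16)
    return {k: v for k, v in latest.items() if v > 0}

def revoke_calldata(spender):
    """ABI-encode approve(spender, 0): selector, padded address, zero amount."""
    return "0x" + APPROVE_SELECTOR + spender[2:].lower().rjust(64, "0") + "0" * 64

def _log(block, index, token, owner, spender, amount):
    """Constructed log, simplified from eth_getLogs (integers, not hex strings)."""
    pad = lambda a: "0x" + a[2:].rjust(64, "0")
    return {"blockNumber": block, "logIndex": index, "address": token,
            "topics": [APPROVAL_TOPIC0, pad(owner), pad(spender)], "data": hex(amount)}

TOKEN_A, TOKEN_B = "0x" + "a1" * 20, "0x" + "b2" * 20  # constructed addresses
ALICE, BOB, OTHER = "0x" + "01" * 20, "0x" + "02" * 20, "0x" + "03" * 20
SAMPLE_LOGS = [  # constructed sample data, deliberately out of order
    _log(105, 0, TOKEN_A, ALICE, FLAGGED_SPENDER, 0),  # Alice revoked later
    _log(100, 2, TOKEN_A, ALICE, FLAGGED_SPENDER, MAX_UINT256),
    _log(101, 0, TOKEN_B, ALICE, FLAGGED_SPENDER, 500),
    _log(102, 1, TOKEN_A, BOB, FLAGGED_SPENDER, MAX_UINT256),
    _log(103, 0, TOKEN_B, BOB, OTHER, MAX_UINT256),  # different spender, ignored
]

if __name__ == "__main__":
    for (token, owner) in live_allowances(SAMPLE_LOGS, FLAGGED_SPENDER):
        print(owner, "should send to", token, revoke_calldata(FLAGGED_SPENDER))
```

Each owner listed sends the calldata to the token contract from the affected wallet; a finite allowance such as Alice's 500 is flagged as well, because any non-zero approval to the vulnerable spender remains usable.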
SushiSwap Recovers a “Large Portion” of Stolen Funds
The SushiSwap team has managed to recover a significant portion of the stolen funds through a white hat security process.
“We’ve secured a large portion of affected funds in a whitehat security process. If you have performed a whitehat recovery please contact email@example.com for next steps,” Grey said at 9:42 a.m. Eastern Time on April 9.
“We’ve confirmed recovery of more than 300 ETH from Coffeebabe of Sifu’s stolen funds. We’re in contact with Lido’s team regarding 700 more ETH.”
SushiSwap’s CTO, Matthew Lilley, followed up later in the day and said that there are currently no issues with using the SushiSwap DEX platform. “All exposure to RouterProcessor2 has been removed from the front end, and all LPing / current swap activity is safe to do,” he added.
The recent hack comes on the heels of increasing regulatory scrutiny for the DEX as both Sushi DAO and Grey have been served with a subpoena by the US Securities and Exchange Commission.
On March 21, the organization announced the subpoena in the form of a proposal submitted to the Sushi DAO for the establishment of a legal defense fund to cover potential legal costs.
Over the weekend, Grey issued an official statement regarding the subpoena, claiming that “the SEC’s investigation is a non-public, fact-finding inquiry trying to determine whether there have been any violations of the federal securities laws.”
“To the best of our knowledge, the SEC has not (as of this writing) made any conclusions that anyone affiliated with Sushi has violated United States federal securities laws.”