Recently, it has been reported that the Sushiswap decentralized exchange (dex) protocol had a software bug that caused around three million dollars to be lost. Peckshield, a company specializing in blockchain and smart contract security, stated that this exploited contract was available on multiple blockchains.
This past weekend, Sushiswap, a dex platform, had something called the RouteProcess02 contract exploited and spread on many different blockchain networks. A team of specialists at Certik noticed the exploit and warned people immediately. In addition, Peckshield updated everyone on Twitter that Sushiswap’s RouterProcessor2 contract includes an error in its “approve” function. Someone known as Sifu who is a well-known figure in the crypto community allegedly lost 1,800 ether through this exploit.
Certik noticed something strange about a particular router, which is called [0x15d]. People who had allowed the malicious contract to access their USDC tokens experienced their money being sent to an unknown wallet address, [0x29e], without them knowing or agreeing. Apparently, this mysterious wallet address got around $20,000 within the past two hours! So make sure you don’t give permission to strangers and stay safe.
A person who develops computer programs, named 0xngmi, has finally said that the exploit only could be dangerous for those who used Sushiswap in the last 4 days. He said that if you changed your funds from Sushiswap during that time, you should immediately enter them into another wallet instead of just returning them. The head chef Jared Grey also agreed with 0xngmi and added that they were already starting to recover this situation.
At 9:42 a.m. Eastern Time on April 9, Grey said that they had recovered lots of stolen money using something called ‘whitehat security process’ and asked people who did the same to contact [email protected] for help. He also mentioned that they got back 300 ETH from Coffeebabe, and were talking with another team about getting an additional 700 ETH back. Finally, Matthew Lilley from Sushiswap reassured everyone that it was still safe to use the Sushiswap platform as usual.
The tech team at Sushiswap said that it is safe to use their software and system. They also suggested users to check if there are any tokens allowed from the list, and unapprove them as soon as possible. Recently, Grey mentioned that the U.S. Securities and Exchange Commission (SEC) asked for some documents from Sushismwp.
Do you have ideas on how to avoid outsmarting contracts in the future? Tell us your thoughts in the comments!