The decentralized exchange (DEX) SushiSwap suffered an exploit that caused the loss of at least 1,800 ETH, equivalent to $3 million, belonging to the user identifying himself as 0xSifu on the social network Twitter.
The attack was reported by blockchain analysis firm PeckShield via Twitter. “It appears that the contract @SushiSwap RouterProcessor2 has an authorization-related error resulting in a loss of >$3.3 million (around 1,800 ETH) from @0xSifu,” the firm explained.
However, more SushiSwap users could be affected by the attack. So far, the number of victims is unknown.
PeckShield urges those who approved transactions with the compromised Ethereum address to revoke them as soon as possible. Next to the message are images showing an example of the hack.
However, the attacked contract, RouterProcessor2, was also implemented on various networks such as Binance Smart Chain (BSC), Polygon, Avalanche and FTM.
SushiSwap creator Jared Gray, aka Chef Nomi, also commented on the affected addresses. In addition, he reported that they are working with a security team to mitigate the risks.
The contract's address on Ethereum was reported, with a warning to users that it has been “compromised” and a request that they review and revoke the token permissions granted to this contract.
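The review and revocation requested above come down to two standard ERC-20 calls per token: read `allowance(owner, spender)`, then send `approve(spender, 0)` wherever the result is non-zero. The following is an added example, not code from the article, PeckShield or SushiSwap; `OWNER`, `FLAGGED_SPENDER`, the token addresses and the `eth_call` results are constructed placeholders, and the flagged contract's real address (which the article does not give) would replace `FLAGGED_SPENDER`.

```python
# Added example: find open ERC-20 allowances to a flagged spender and build
# the approve(spender, 0) calls that revoke them. Runs offline.
ALLOWANCE_SELECTOR = "dd62ed3e"  # allowance(address,address)
APPROVE_SELECTOR = "095ea7b3"    # approve(address,uint256)

# Constructed placeholders, not real accounts or contracts.
OWNER = "0x" + "11" * 20
FLAGGED_SPENDER = "0x" + "22" * 20  # substitute the flagged router address
# Constructed eth_call results for allowance(OWNER, FLAGGED_SPENDER) per token.
SAMPLE_RESULTS = {
    "0x" + "aa" * 20: "0x" + "f" * 64,              # unlimited approval
    "0x" + "bb" * 20: "0x" + "0" * 64,              # nothing approved
    "0x" + "cc" * 20: "0x" + "3e8".rjust(64, "0"),  # 1000 base units
}

def _strip0x(value):
    return value[2:] if value.lower().startswith("0x") else value

def _word(address):
    """ABI-encode a 20-byte address as a left-padded 32-byte word."""
    raw = _strip0x(address).lower()
    if len(raw) != 40 or any(c not in "0123456789abcdef" for c in raw):
        raise ValueError("not a 20-byte hex address: %r" % address)
    return raw.rjust(64, "0")

def allowance_calldata(owner, spender):
    """Calldata for a read-only eth_call to token.allowance(owner, spender)."""
    return "0x" + ALLOWANCE_SELECTOR + _word(owner) + _word(spender)

def revoke_calldata(spender):
    """Calldata for token.approve(spender, 0), which clears the allowance."""
    return "0x" + APPROVE_SELECTOR + _word(spender) + "0" * 64

def decode_uint256(result_hex):
    """Decode the single uint256 word returned by allowance()."""
    raw = _strip0x(result_hex)
    if len(raw) != 64:
        raise ValueError("expected one 32-byte word, got %d hex chars" % len(raw))
    return int(raw, 16)

def plan_revocations(owner, spender, results):
    """Return one unsigned transaction per token with a non-zero allowance."""
    plan = []
    for token, result in results.items():
        amount = decode_uint256(result)
        if amount > 0:
            plan.append({"from": owner, "to": token, "value": "0x0",
                         "data": revoke_calldata(spender), "open_allowance": amount})
    return plan
```

Each planned transaction is sent to the token contract, not to the flagged contract, and must be signed by the wallet that granted the approval.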
How the attack on SushiSwap was carried out
The cybersecurity company Ancilia explained in technical terms how the exploit worked and what was attacked. “The reason is that in the internal function swap() swapUniV3() is called to set the variable ‘lastCalledPool’, which is located in memory location 0x00. Later, in the swap3callback function, the permission check is skipped.”
This means users unknowingly approve the malicious contract, allowing the exploiter to steal their tokens.
However, those affected by the SushiSwap hack were the ones who made exchanges in the last 4 days, so they need to reverse the transaction and move their funds to a new wallet, commented @0xngmi of DefiLlama.
An exploit is a type of malware that is used to exploit a vulnerability in code in order to provoke unintended or unexpected behavior. As pointed out by Criptopedia, the educational part of CriptoNoticias, this action is usually performed by a hacker who discovers the vulnerabilities of a computer or system.
The cryptocurrency world in particular has been one of the favorite targets of hackers due to the large amount of elusive funds moving in the hands of unsuspecting users or careless companies.