- PeckShield reported that a bug in the Sushi Swap system resulted in a $3.3M loss.
- Users are advised to revoke approvals as the bug affected multiple chains.
- BlockSec blocked an attack transaction and rescued $180k Ether.
PeckShield, a blockchain security and data analytics company, has revealed that a bug in the approval system of SushiSwap’s RouterProcessor2 contract has led to the loss of more than 1,800 Ethereum tokens worth over $3.3 million.
The security firm noted that the hack affected several chains the exploited contract deployed, including Ethereum, Binance Smart Chain, Polygon, Avalanche, and Fantom. It listed the affected addresses and advised users to revoke contract approvals immediately.
It seems the @SushiSwap RouterProcessor2 contact has an approve-related bug, which leads to the loss of >$3.3M loss (about 1800 eth) from @0xSifu. If you have approved https://t.co/E1YvC6VZsP, please *REVOKE* ASAP!One example hack tx: https://t.co/ldg0ww3hAN pic.twitter.com/OauLbIgE0Q— PeckShield Inc. (@peckshield) April 9, 2023
Notably, Jared Grey, the Head Chef at Sushi Swap, acknowledged the issue and stated that the firm was working with security teams to mitigate the hack. The team has not disclosed the number of users affected by the hack, but they have assured users that only those who have interacted with the affected contract are at risk.
Specifically, users who have swapped on SushiSwap in the last four days are advised to revert approvals or move their funds to a new wallet to avoid being impacted by the hack.
BlockSec, a Smart Contract Audit firm, announced that it was aware of the attack on Sushi Swap and had evaluated possible damages before making a public statement. The firm stated that users’ assets were their top priority and that they had rescued a part of them, which they will release details of later.
We knew that @SushiSwap RouteProcessor2 was attacked. We evaluated possible damages in the past few hours and made this public only after we think it's safe : users' assets are always our first priority. Btw: we rescued part of them and will release the details later.— BlockSec (@BlockSecTeam) April 9, 2023
Additionally, the firm claimed to have blocked an attack transaction and rescued 100 Ether, equivalent to over $180,000, urging the affected SushiSwap contract to reach out for reimbursement.
The post SushiSwap Loses Over $3.3M in Ethereum Due to Approval System Bug appeared first on Coin Edition.