Decentralized finance (DeFi) platform SushiSwap has suffered another exploit, this one draining about $3.3 million worth of ether (ETH) from a single user. The loss traces to a bug in a contract introduced four days earlier, which attackers used to take approximately 1,800 ETH from a wallet belonging to a prominent member of the Crypto Twitter community known as Sifu.
The bug was identified as an “approve-related bug” in SushiSwap’s RouterProcessor2 contract: it let an attacker use the token approvals (ERC-20 allowances) that users had granted the contract to move those users’ tokens inside a swap transaction the attacker crafted. Because the approval, not the user’s signature, is what authorises the transfer, any wallet that had ever approved RouterProcessor2 was exposed. Cybersecurity firm Ancilia, backed by Binance, confirmed that the same vulnerable contract was also deployed on the Polygon network.
SushiSwap’s “head chef,” Jared Grey, confirmed the exploit about an hour after the theft and urged anyone who had interacted with the platform to revoke all approvals granted to its contracts. CTO Matthew Lilley provided more details the following morning. Despite the hack, SushiSwap’s SUSHI token dipped only slightly, down around 3% over the following 24 hours.
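To make the “approve-related” failure concrete, here is an added, simplified Python model of the pattern, written for this article and not taken from SushiSwap’s RouterProcessor2 or any other project code. It models only two things: the ERC-20 allowance rule (transferFrom spends the calling contract’s allowance from the token owner) and a swap router whose callback pays a pool out of whatever “payer” address the caller-supplied route names. The class names, the callback shape, the “trusted pool” registry and the sample balances are all assumptions made for the demonstration. It shows an attacker with no allowance draining a user who approved the router, the same attempt failing once that user has revoked the approval (which is what SushiSwap asked users to do), and a hardened router that refuses both unknown pools and payers other than the swap initiator while still serving an honest swap.

```python
"""Toy model of an approval drain through a swap router's callback.

Added illustration only: NOT SushiSwap's RouterProcessor2 code. It models the
ERC-20 allowance rule and a router whose callback pulls tokens from an address
named in caller-supplied route data. Class names, the callback shape and the
trusted-pool check are assumptions made for the demonstration.
"""


class ERC20:
    """Minimal ERC-20: balances plus (owner, spender) -> allowance."""

    def __init__(self, balances):
        self.balances = dict(balances)
        self.allowance = {}

    def approve(self, owner, spender, amount):
        # approve(spender, 0) is the revocation users were told to perform.
        self.allowance[(owner, spender)] = amount

    def transfer_from(self, spender, owner, to, amount):
        """Move `amount` from `owner` to `to`, spending `spender`'s allowance."""
        allowed = self.allowance.get((owner, spender), 0)
        if allowed < amount:
            raise PermissionError(f"{spender} has no allowance for {amount} from {owner}")
        if self.balances.get(owner, 0) < amount:
            raise PermissionError(f"{owner} has insufficient balance")
        self.allowance[(owner, spender)] = allowed - amount
        self.balances[owner] -= amount
        self.balances[to] = self.balances.get(to, 0) + amount


class Pool:
    """Contract the router calls mid-swap; may be honest or attacker-owned."""

    def __init__(self, addr):
        self.addr = addr

    def on_swap(self, router, route):
        # Asks the router to pay this pool out of whatever `payer` the route names.
        router.swap_callback(self.addr, route["payer"], route["amount"])


class VulnerableRouter:
    """Checks only that the callback comes from the pool the route just named."""

    addr = "router"

    def __init__(self, token):
        self.token = token
        self.last_called_pool = None

    def swap(self, msg_sender, route):
        self.last_called_pool = route["pool"].addr  # attacker chooses this
        route["pool"].on_swap(self, route)

    def swap_callback(self, msg_sender, payer, amount):
        if msg_sender != self.last_called_pool:
            raise PermissionError("callback from unexpected address")
        # Pays from `payer`, chosen by the route rather than the swap initiator,
        # using whatever allowance `payer` once granted the router.
        self.token.transfer_from(self.addr, payer, msg_sender, amount)


class HardenedRouter(VulnerableRouter):
    """Only registered pools may call back; tokens come only from the initiator."""

    def __init__(self, token, trusted_pools):
        super().__init__(token)
        self.trusted_pools = frozenset(trusted_pools)
        self.initiator = None

    def swap(self, msg_sender, route):
        if route["pool"].addr not in self.trusted_pools:
            raise PermissionError("route names an untrusted pool")
        self.initiator = msg_sender
        super().swap(msg_sender, route)

    def swap_callback(self, msg_sender, payer, amount):
        if payer != self.initiator:
            raise PermissionError("callback may only pull tokens from the swap initiator")
        super().swap_callback(msg_sender, payer, amount)


UNLIMITED = 2**256 - 1  # the "infinite approval" many dapps request


def run_attack(make_router, victim_revoked=False):
    """Attacker with no allowance submits a route naming the victim as payer."""
    token = ERC20({"victim": 1800, "attacker": 0})  # constructed sample balances
    router = make_router(token)
    token.approve("victim", router.addr, UNLIMITED)  # victim used the router once
    if victim_revoked:
        token.approve("victim", router.addr, 0)
    route = {"pool": Pool("attacker_pool"), "payer": "victim", "amount": 1800}
    try:
        router.swap("attacker", route)
        blocked = None
    except PermissionError as exc:
        blocked = str(exc)
    return {"victim": token.balances["victim"],
            "stolen": token.balances.get("attacker_pool", 0),
            "blocked": blocked}


def run_honest_swap():
    """The hardened router still serves a normal swap through a trusted pool."""
    token = ERC20({"victim": 1800})
    router = HardenedRouter(token, ["real_pool"])
    token.approve("victim", router.addr, 100)  # exact-amount approval, not UNLIMITED
    router.swap("victim", {"pool": Pool("real_pool"), "payer": "victim", "amount": 100})
    return token.balances


if __name__ == "__main__":
    print("vulnerable:", run_attack(VulnerableRouter))
    print("revoked:   ", run_attack(VulnerableRouter, victim_revoked=True))
    print("hardened:  ", run_attack(lambda t: HardenedRouter(t, ["real_pool"])))
    print("honest:    ", run_honest_swap())
```

Two things the model makes visible that the news summary does not: the attacker never needs an allowance of their own, because the router spends its own allowance from the victim, so every standing approval to the contract is part of the blast radius; and revocation (approve to zero) closes the hole for that user even while the vulnerable contract stays deployed, which is why it was the first advice given. The hardened variant applies the two checks a reviewer would look for in any callback-style router: the callback caller must be a pool the contract can verify, and the address tokens are pulled from must be the account that initiated the swap, never a value decoded from untrusted route data. Exact-amount approvals, as in the honest swap, further limit what a future bug of this kind could take.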
This is not the first time that SushiSwap has been targeted. In 2021, a white-hat crypto researcher discovered a bidding bug that put roughly $350 million at risk; SushiSwap fixed it before anyone exploited it, but this latest incident has once again brought its security practices into question.
Implications of the Attack
The most significant implication of the SushiSwap hack is that it highlights a persistent weakness of DeFi protocols: their contracts are public, callable by anyone and immutable once deployed, so a single logic bug in a freshly deployed contract can be exploited within days and cannot simply be hot-patched. Standing token approvals widen the damage further, since a flaw in one contract puts at risk the balances of every user who ever approved it, not just the funds the contract holds. Moreover, DeFi platforms are currently among the most popular and profitable sectors of the cryptocurrency market, which makes them attractive targets for attackers.
SushiSwap’s relatively quick response, publicly confirming the breach within an hour and telling users to revoke the approvals granted to its contracts, shows the vigilance DeFi platforms need in detecting and responding to threats; on the user side, granting exact-amount rather than unlimited approvals and reviewing them periodically limits how much any one such bug can take. In conclusion, the SushiSwap exploit highlights the need for continuous investment in security, including review of newly deployed contracts before they handle user approvals, and for platforms to develop robust protocols that effectively protect users and their funds.