Sushi DEX Approval Contract Exploited For $3.3M


Key Points
A smart contract on decentralized finance (DeFi) protocol Sushi’s exchange services was exploited early Sunday, developers said in a tweet.


The exploit specifically involves the ‘RouterProcessor2’ contract, which is used to conduct trade routing on the SushiSwap exchange.


“It seems the SushiSwap RouterProcessor2 contact has an approve-related bug, which leads to the loss of >$3.3M loss,” security firm PeckShield flagged in Asian morning hours on Sunday, which Sushi developers later confirmed.


As per several tweets from multiple security firms, the $3.3 million apparently came from a single user, @0xsifu, a popular trader in Crypto Twitter circles.


DefiLlama developer @0xngmi said Sunday that the exploit only seemed to impact users who approved Sushiswap contracts in the past 4 days.


Meanwhile, SushiSwap head developer Jared Grey asked users to revoke permissions for all contracts on SushiSwap as a security measure, adding the team was “working with security teams to mitigate the issue.”