• SushiSwap, a popular decentralized exchange, recently fell victim to an exploit which led to the loss of over $3.3 million from one of its users.
• SushiSwap took quick action and collaborated with PeckShield cybersecurity firm to secure affected assets and recover stolen funds.
• The platform has since confirmed the recovery of more than 300 ETH and is in contact with Lido’s team regarding 700 more ETH.
SushiSwap, a popular decentralized exchange, experienced a major exploit resulting in the loss of over $3.3 million from one of its users. Through decisive action and collaboration with PeckShield cybersecurity firm, SushiSwap was able to quickly secure affected assets and begin recovering stolen funds.
The "Yoink" Exploit
The exploit revolves around a bug in the RouterProcessor2 contract's "approve" mechanism, which allowed unauthorized entities to steal users' tokens using a technique dubbed "yoinking". Initially, an attacker used the function to steal 100 ETH; another hacker then stole around 1800 ETH through the same contract under the name "notyoink".
Addressing the Problem
Head Chef Jared Grey and PeckShield recommended revoking approvals for the problematic contracts on all chains as soon as possible in order to mitigate further losses. It was also suggested that any user who had interacted with SushiSwap in the four days prior might be affected by the incident. A list of contracts to be revoked was released, along with a tool for users to check whether their addresses had been impacted by the attack.
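The kind of check such a tool performs can be sketched as follows. This is an added example, not SushiSwap's or PeckShield's code: it replays ERC-20 Approval event logs and reports owners whose latest approval to a flagged spender is still non-zero. All addresses are placeholders and the sample logs are constructed.

```python
# Added example: find ERC-20 approvals still open to a flagged spender.
# Every address and log entry below is a constructed placeholder.
# keccak256("Approval(address,address,uint256)"), the standard ERC-20 event topic
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
FLAGGED_SPENDER = "0x" + "aa" * 20  # stands in for a contract on the revoke list
OTHER_SPENDER = "0x" + "bb" * 20
ALICE, BOB, TOKEN = "0x" + "11" * 20, "0x" + "22" * 20, "0x" + "cc" * 20
MAX_UINT256 = 2**256 - 1

def topic_to_address(topic):
    """An indexed address is left-padded to 32 bytes; keep the low 20 bytes."""
    return "0x" + topic[-40:].lower()

def make_log(token, owner, spender, amount, block, index):
    """Build a constructed log in the shape returned by eth_getLogs."""
    pad = lambda addr: "0x" + addr[2:].rjust(64, "0")
    return {"address": token,
            "topics": [APPROVAL_TOPIC, pad(owner), pad(spender)],
            "data": "0x" + format(amount, "064x"),
            "blockNumber": hex(block), "logIndex": hex(index)}

def open_approvals(logs, flagged_spenders):
    """Return {(token, owner, spender): amount} for non-zero latest approvals.

    Approval events give an upper bound: many tokens do not emit one when
    transferFrom spends the allowance, so confirm with allowance() on chain.
    """
    flagged = {s.lower() for s in flagged_spenders}
    latest = {}
    ordered = sorted(logs, key=lambda l: (int(l["blockNumber"], 16),
                                          int(l["logIndex"], 16)))
    for log in ordered:
        topics = log["topics"]
        # ERC-721 Approval shares this topic hash but has four topics; skip it.
        if len(topics) != 3 or topics[0].lower() != APPROVAL_TOPIC:
            continue
        spender = topic_to_address(topics[2])
        if spender not in flagged:
            continue
        key = (log["address"].lower(), topic_to_address(topics[1]), spender)
        latest[key] = int(log["data"], 16)  # later events overwrite earlier ones
    return {k: v for k, v in latest.items() if v > 0}

SAMPLE_LOGS = [  # constructed, deliberately out of order
    make_log(TOKEN, BOB, FLAGGED_SPENDER, 0, 120, 0),              # Bob revoked
    make_log(TOKEN, ALICE, FLAGGED_SPENDER, MAX_UINT256, 100, 3),  # unlimited
    make_log(TOKEN, BOB, FLAGGED_SPENDER, 5 * 10**18, 101, 1),
    make_log(TOKEN, ALICE, OTHER_SPENDER, 10**18, 102, 0),         # not flagged
]
```

On the sample data only Alice's unlimited approval is reported, because Bob's later zero-amount approval supersedes his earlier one.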
SushiSwap has made progress in recovering some of the stolen funds: it announced that more than 300 ETH of Sifu's lost funds had been secured from CoffeeBabe, and it is in contact with Lido's team regarding 700 more ETH.
Despite initial fears surrounding such a large-scale security breach, it appears that, thanks to swift action taken by both SushiSwap's team and other involved parties, much of what was lost can be recovered successfully.