DeFi protocol SushiSwap suffers a $3.3 million exploit caused by an approval-related bug in its RouterProcessor2 contract.
According to blockchain security analytics firm Peckshield, the bug caused the drainage of about 1800 ETH from user @0xsifu.
Sushi’s head developer, Jared Grey, alerted the community to revoke approvals immediately noting that recovery efforts are underway.
Security analytics firm Certik noted multiple users that had approved the contract had their USDC being transferred to another address.
Jared Grey later added that the SushiSwap team secured a large portion of affected funds in a whitehat security process. Grey also confirmed the recovery of more than 300 ETH ($55,766) from CoffeeBabe of user Sifu’s stolen funds.
The team is reportedly now in contact with Lido Finance’s team regarding 700 more ETH drained in the exploit.
Also Read: Euler Finance Attacker Returns All of the Stolen Funds
DeFiLlama team members 0xngmi tweeted that SushiSwap approvals done in the last two weeks are the most vulnerable to the exploit.
“If you did so revert approvals asap or move your funds in affected wallet to a new wallet,” 0xngmi added.
