Some Funds Stolen in SushiSwap Exploit Recovered, but Blackhat Hackers Have the Rest

Funds recovered by whitehat security teams to be returned to users while others have been lost to blackhat hackers

by Ben Strack /
article-image

Subbotina Anna/Shutterstock modified by Blockworks

share

SushiSwap is now safe to use after attackers drained more than $3 million last weekend, the blockchain protocol said Wednesday. It is now preparing to return some of the stolen funds to affected users, though not all are expected to recoup their losses quickly. 

Exploiters found an approval bug in SushiSwap’s Route Processor 2 last weekend, taking roughly $3.3 million from the smart contract. 

The majority of addresses that approved SushiSwap’s problematic smart contract were on Arbitrum and Polygon. The contract had been deployed on Arbitrum a few weeks ago for testing.

As part of the exploit, funds got swept by whitehat security teams while some were lost to blackhat hackers, the SushiSwap team said in a tweet. Those who haven’t used SushiSwap in the past 10 days were likely not impacted. 

The company said that user funds in the whitehat contract are safe and will be claimable shortly through a Merkle Claim contract and website the protocol is building. 

SushiSwap users whose funds are not in the whitehat contract must contact the protocol and share the transaction ID and blockchain data for the lost funds.

Loading Tweet..

“Blackhat funds will take longer to process, as the team will have to manually verify the legitimacy against on-chain data that validates the claim and then pay it out accordingly,” SushiSwap tweeted. 

The SushiSwap hack came after the number of crypto attacks spiked during the year’s first quarter, according to a report by Web3 security platform Immunefi. 

Various DeFi protocols that have become victims to such exploits have been able to successfully recover some or all of their stolen funds in recent months.

Scammers often try to trick DeFi users into granting them access to their funds — a method services such as Revok.cash seek to combat. Blockchain security firm PeckShield had urged SushiSwap users who had approved the relevant smart contract to immediately revoke its approval.

Start your day with top crypto insights from David Canellis and Katherine Ross. Subscribe to the Empire newsletter.

Explore the growing intersection between crypto, macroeconomics, policy and finance with Ben Strack, Casey Wagner and Felix Jauvin. Subscribe to the On the Margin newsletter.

The Lightspeed newsletter is all things Solana, in your inbox, every day. Subscribe to daily Solana news from Jack Kubinec and Jeff Albus.

Tags

Upcoming Events

Permissionless III Hackathon

Salt Lake City, UT

MON - TUES, OCT. 7 - 8, 2024

Blockworks and Bankless in collaboration with buidlbox are excited to announce the second installment of the Permissionless Hackathon – taking place October 7-8 in Salt Lake City, Utah. We’ve partnered with buidlbox to bring together the brightest minds in crypto for […]

learn more

Permissionless III

Salt Lake City, UT

WED - FRI, OCTOBER 9 - 11, 2024

Permissionless is a conference for founders, application developers, and users. Come meet the next generation of people building and using crypto.

learn more

recent research

Research Report Templates (1).png

Research

Why Solana Mobile Should 100x Their Phone Production

Solana Mobile is a highly ambitious foray into the mobile consumer hardware market, seeking to open up a crypto-native distribution channel for mobile-first applications. The market for Solana Mobile devices has demonstrated a phenomenon whereby external market actors (e.g. Solana-native projects) continuously underwrite subsidies to Mobile consumers. The value of these subsidies, coming in the form of airdrops, trial programs, and exclusive NFT mints, have consistently covered the cost of the phone and generated positive returns for consumers. Given this trend in subsidies, the unit economics in the market for Mobile devices, and the initial growth rate and trajectory of sales, it should be expected that Solana mobile can clear 1M to 10M units over the coming years. As more devices circulate amongst users, Solana Mobile presents a promising venue for the emergence of killer-applications uniquely enabled by this mobile-first, crypto-native distribution channel.

by Luke Leasure

/

news

article-image

Business

Ledger doubles down with second touchscreen-focused product

Firm known for crypto hardware wallets set to bring another touchscreen option to consumers

by Ben Strack /
article-image

Analysis

Empire Newsletter: Crypto’s next wave of smart money

Plus, BlackRock’s BUIDL is paying out steady yield — and those dividends are growing

by Katherine Ross&David Canellis /
article-image

DeFi

Jito unveils code for Solana restaking network

Solana’s biggest liquid staking provider takes a meaningful step towards restaking

by Jack Kubinec /
article-image

DeFi

Blast incentives aim to attract strong devs, as value leaks

BLAST token skids as Season 2 points plan earns mixed reviews

by Macauley Peterson /
article-image

Analysis

On the Margin Newsletter: Behind the most important economic paper of the year

Plus, a look at the top asset-gathering ETH ETFs after two days of trading

by Felix Jauvin&Ben Strack&Casey Wagner /
article-image

Analysis

Lightspeed Newsletter: Zk compression may help Solana’s data storage problems

Plus, celebrity memecoins are plummeting from their early price runs

by Jack Kubinec&Jeff Albus /