SushiSwap Pays $200K Bounty to Recover $600K Stolen by Hackers

Stolen funds will be redistributed to users once SushiSwap completes an audit for its Merkle claim contract

article-image

David Sandron/Shutterstock modified by Blockworks

share

Decentralized exchange SushiSwap has been able to recover an additional $600,000 in crypto stolen from users earlier this month.

In the initial exploit, SushiSwap’s new router, RouterProcessor2, was attacked. The router had been deployed to 14 different blockchain networks.

Crypto worth more than $3.3 million at the time was drained, mostly ETH belonging to DeFi figure 0xSifu, and ​​any users who had approved the relevant smart contract in their wallets were urged to immediately revoke approval.

As the smart contract was not upgradeable, a temporary fix was difficult to implement. Blockchain security startup HYDN helped SushiSwap pick up the pieces after the attack. 

SushiSwap disabled its frontend to prevent more users from depositing assets into the pool, but the smart contract remained operational, Warren Mercer, the CEO of HYDN, told Blockworks.

“​​The only two options were really to alert users to the issue and ask them to remove approvals or to perform a whitehat rescue to save funds,” Mercer said.

A decision was made to front-run any further attacks and transactions. A “whitehat rescue” was determined as the best way forward, draining vulnerable funds before they could be stolen.  

In last year’s Multichain attack, the culprits ended up piling after users were alerted to the situation. HYDN and SushiSwap hoped to avoid a similar scenario.

While the rescue played out, another whitehat hacker who had reported the same bug through Immunefi attempted to recover 100 ETH themselves, Mercer notes.

“Unfortunately, he didn’t use a private mempool, so MEV bots detected his whitehat attempt in the public mempool who then replicated the attack and began stealing user funds,” he said.

In response to this, HYDN was tasked with quickly performing its whitehat attack. It began sequestering funds and deploying a ‘cross-chain watcher’ contract to protect against further attacks. SushiSwap paid the firm a $200,000 bounty for their efforts.

“To date, we have managed to rescue over $600.000 in user funds for Sushi, with the Sushi team managing to also gain back a large portion of the stolen funds,” Mercer said. Other amounts of ETH had been recovered directly following the attack.

Secured funds are still sitting in HYDN’s wallet, and funds will be distributed to affected users once SushiSwap completes a contract audit.

SushiSwap has so far retrieved a total of 885 ETH ($1.76 million). Another 795 ETH ($1.58 million) is kept in a rewards vault for the time being.


Get the news in your inbox. Explore Blockworks newsletters:

Tags

Decoding crypto and the markets. Daily, with Byron Gilliam.

Upcoming Events

Old Billingsgate

Mon - Wed, October 13 - 15, 2025

Blockworks’ Digital Asset Summit (DAS) will feature conversations between the builders, allocators, and legislators who will shape the trajectory of the digital asset ecosystem in the US and abroad.

Industry City | Brooklyn, NY

TUES - THURS, JUNE 24 - 26, 2025

Permissionless IV serves as the definitive gathering for crypto’s technical founders, developers, and builders to come together and create the future.If you’re ready to shape the future of crypto, Permissionless IV is where it happens.

Brooklyn, NY

SUN - MON, JUN. 22 - 23, 2025

Blockworks and Cracked Labs are teaming up for the third installment of the Permissionless Hackathon, happening June 22–23, 2025 in Brooklyn, NY. This is a 36-hour IRL builder sprint where developers, designers, and creatives ship real projects solving real problems across […]

recent research

Research Report Templates (8).png

Research

Meta-aggregators like Titan and Kamino Swap improve price execution for users, making the Solana swapping landscape more competitive. Jupiter has incorporated meta-aggregation features into its latest routing engine to keep users on its front end (own the user, own the flow). At large, teams are treating swaps as a commoditized complement, offering incredibly cheap or free swaps to own the end-user and increase demand for high-margin product offerings (multi-product DeFi). On another note, the divergence in the concentration of aggregator volume between DEXs suggests increased specialization at the DEX layer by asset type.

article-image

Investors moved to safe assets like the US dollar and gold, but bonds faltered

article-image

The Amex offers up to 4% bitcoin back, but the deal is a bit ironic considering crypto’s goals

article-image

Short answer: Subnets are now cheaper to bootstrap than a Celestia rollup

article-image

Few things are more cypherpunk than keeping keys in your brain wallet

article-image

Many community banks and credit unions feel like they missed the fintech craze — and they don’t want to miss stablecoins

article-image

BlackRock COO Rob Goldstein noted that the firm had been looking into crypto since 2017