Decentralized cryptocurrency trading platform SushiSwap was damaged by an anonymous person known on social media. Cyber attacker 0xsifu exploited a flaw in the platform and moved $3.3 million worth of cryptocurrencies into their own accounts.
Blockchain security researcher PeckShield found that the vulnerability in the DeFi platform was caused by the contract called RouteProcessor2, and 1,800 Ethereums disappeared from the exchange.
Ancilia, a company that carries out cyber security studies in the Web3 field, went into the details of the cyber attack. Ancilia identified exactly where the error was and notified SushiSwap officials.
According to the cybersecurity initiative, there is a problem with the "internal swap" part of the SushiSwap codes.
Statement from SushiSwap CEO!
After the hacker incident, Jared Gray, the chief executive of SushiSwap, made a series of statements on Twitter.
Retweeting PeckShield's post and confirming the event, Gray stated that users should immediately cancel the smart contract named RouteProcessor2.
Sushi's RouteProcessor2 contract has an approval bug; please revoke approval ASAP. We're working with security teams to mitigate the issue. https://t.co/WhXJfa5xD4
— Jared Grey (@jaredgrey) April 9, 2023
Gray recommended the application called Revoke to users for contract cancellation.