An assault was launched on the SushiSwap platform. For the time being, its governance token appears unaffected by the incident. SushiSwap, a decentralized exchange (DEX), revealed on Sunday, April 9,that it had been attacked. There would be an exploit, according to the first information. In other words, the bad actor used security holes in the platform to steal cash.
SushiSwap Hacker is not yet Found
There was no information provided about the identity of the hacker. What we do know is that they were able to take $3.3 million in assets from the platform through the operation. Money belonging to a Twitter user identified as 0xSifu has also been stolen. SushiSwap‘s boss, Jared Grey, claims that the latter is not the only one who has been affected by the attack. At least 2000 addresses from the decentralized Layer 2 platform Layer 2 Arbitrum are thought to have been compromised. The situation is similar for around 190 Ethereum blockchain addresses.
For the time being, stakeholders have not been notified about the monies that all of these locations may have lost. But one thing is certain: they were all tricked by the evil hacker. The latter would have compelled them to blame the flawed “SushiSwap router contract approval system.” This was accomplished thanks to a defect that allowed him to skip the permission check.
Ancilia Inc. Revealed Some Insights on the SushiSwap Incident
Ancilia Inc., a cybersecurity service provider, revealed some technical insights in this respect. Theyrevealthat the hacker defined the lastCalledPool variable (the storage address 0x00) beneath swapUniV3 “in the internal function swap.” This would be the primary cause of the attack on SushiSwap. So, by confirming the incorrect contract, all of the targeted users have inadvertently authorized the theft of their funds.
At the time being, it is unknown if these fundscan be retrieved. SushiSwap, on the other hand, stated that they are”working with security professionals to remediate the issue.” It is intended to annul all contracts that are in some way linked to the incident. An address verification tool that has been impacted is also announced.