SushiSwap Loses Over $3.3M in Ethereum Due to Approval System Bug

• PeckShield reported that a bug in the Sushi Swap system resulted in a $3.3M loss.
• Users are advised to revoke approvals as the bug affected multiple chains.
• BlockSec blocked an attack transaction and rescued $180k Ether.

PeckShield, a blockchain security and data analytics company, has revealed that a bug in the approval system of SushiSwap’s RouterProcessor2 contract has led to the loss of more than 1,800 Ethereum tokens worth over $3.3 million.

The security firm noted that the hack affected several chains the exploited contract deployed, including Ethereum, Binance Smart Chain, Polygon, Avalanche, and Fantom. It listed the affected addresses and advised users to revoke contract approvals immediately.

Notably, Jared Grey, the Head Chef at Sushi Swap, acknowledged the issue and stated that the firm was working with security teams to mitigate the hack. The team has not disclosed the number of users affected by the hack, but they have assured users that only those who have interacted with the affected contract are at risk.

Specifically, users who have swapped on SushiSwap in the last four days are advised to revert approvals or move their funds to a new wallet to avoid being impacted by the hack.

BlockSec, a Smart Contract Audit firm, announced that it was aware of the attack on Sushi Swap and had evaluated possible damages before making a public statement. The firm stated that users’ assets were their top priority and that they had rescued a part of them, which they will release details of later.

Additionally, the firm claimed to have blocked an attack transaction and rescued 100 Ether, equivalent to over $180,000, urging the affected SushiSwap contract to reach out for reimbursement.