Decentralized Exchange SushiSwap Becomes Victim of an Exploit


SushiSwap, a decentralized exchange (DEX) built on the Ethereum blockchain, has fallen victim to an exploit resulting in the loss of over $3.3 million from at least one user, identified as 0xSifu on Twitter.

According to the details, the exploit used an approve-related flaw in the RouterProcessor2 contract. Subsequently, blockchain security firm PeckShield and Jared Grey, head chef at SushiSwap, advised users to revoke approvals on all chains.

Additionally, cybersecurity partner Ancilia stated on Twitter that the exploit was caused by an internal swap() function, which calls swapUniV3() to set the variable “lastCalledPool” at storage slot 0x00. Furthermore, Ancilia said the permission check is circumvented later in the swap3callback function.

Thus, users unknowingly allow the exploiter to steal their tokens by approving the bad contract. According to early reports, not many SushiSwap users are currently at risk. However, Sushi’s governance token’s price has dropped by 0.6% in the hour since the news was released.
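The revocation advice above can be checked mechanically. The following is an added example, not code from SushiSwap, PeckShield or Ancilia: it replays ERC-20 Approval event logs to find allowances still open to a flagged spender and builds the `approve(spender, 0)` calldata that revokes them. All addresses and log entries are constructed placeholders, including the one standing in for the affected router.

```python
# Added example: all addresses and logs below are constructed placeholders.
# keccak256("Approval(address,address,uint256)"), the ERC-20 Approval event topic
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
APPROVE_SELECTOR = "095ea7b3"  # first 4 bytes of keccak256("approve(address,uint256)")

ROUTER = "0x" + "aa" * 20   # placeholder for the affected router contract
OWNER = "0x" + "11" * 20    # placeholder user wallet
TOKEN_A = "0x" + "a1" * 20  # placeholder token contracts
TOKEN_B = "0x" + "b2" * 20
OTHER = "0x" + "cc" * 20    # placeholder unrelated spender
MAX = 2**256 - 1            # the "unlimited" allowance many front ends request

def topic_addr(addr):
    """Left-pad a 20-byte address to the 32-byte form used in indexed topics."""
    return "0x" + addr[2:].lower().rjust(64, "0")

def make_log(token, owner, spender, value, block):
    """Build a constructed Approval log shaped like an eth_getLogs result."""
    return {"address": token, "blockNumber": block, "logIndex": 0,
            "topics": [APPROVAL_TOPIC, topic_addr(owner), topic_addr(spender)],
            "data": "0x" + format(value, "064x")}

SAMPLE_LOGS = [
    make_log(TOKEN_A, OWNER, ROUTER, MAX, 100),   # unlimited, never revoked
    make_log(TOKEN_B, OWNER, ROUTER, 5000, 101),  # limited approval...
    make_log(TOKEN_B, OWNER, ROUTER, 0, 150),     # ...later revoked
    make_log(TOKEN_A, OWNER, OTHER, MAX, 160),    # different spender, ignored
]

def live_allowances(logs, spender):
    """Return {(token, owner): amount} for approvals to spender not yet zeroed.
    Logs give an upper bound (transferFrom spends are usually not logged as
    Approval); the token's allowance() view call is authoritative."""
    want = topic_addr(spender)
    state = {}
    for log in sorted(logs, key=lambda l: (l["blockNumber"], l["logIndex"])):
        t = log["topics"]
        # ERC-721 Approval shares the topic hash but carries 4 topics: skip it.
        if len(t) != 3 or t[0] != APPROVAL_TOPIC or t[2].lower() != want:
            continue
        state[(log["address"].lower(), "0x" + t[1][-40:])] = int(log["data"], 16)
    return {k: v for k, v in state.items() if v > 0}

def revoke_calldata(spender):
    """ABI-encode approve(spender, 0); the owner sends this to each token."""
    return "0x" + APPROVE_SELECTOR + spender[2:].lower().rjust(64, "0") + "0" * 64
```

The same replay has to be repeated per chain, since an allowance granted on one network is independent of the others.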

Remarkably, the exploit occurred shortly after Grey said the exchange will increase its market share tenfold following new offerings.

Notably, SushiSwap is a popular option for those looking to trade cryptocurrencies in a decentralized and trustless manner, and it has quickly become a major player in the decentralized finance (DeFi) space.

Are Decentralized Exchanges Prone to Attacks?

Like any technology, decentralized exchanges (DEXs) are not immune to cyber vulnerabilities. They may, however, be less susceptible to some types of assaults than centralized exchanges.

However, there are still potential flaws in the DEX ecosystem. For example, smart contract bugs can be exploited to steal funds. Furthermore, attackers can manipulate the price of tokens on the DEX by executing large trades, causing temporary price imbalances that can be profitably exploited.

DEXs also face liquidity issues, which can make them more vulnerable to certain types of attacks. A malicious user, for example, could launch a “flash loan” attack, in which they borrow money from a DeFi platform, use it to manipulate the price of a token on a DEX, and then repay the loan before the price returns to normal.
