SushiSwap Gets Hacked As All Chains May Be Revoked

SushiSwap, one of the most popular decentralized exchanges in the world, recently fell victim to an exploit resulting in the loss of at least $3 million.

The hacker took advantage of an approve-related bug in the RouterProcessor2 contract, which both PeckShield and SushiSwap advise revoking on all chains as soon as possible.

A bug reportedly allowed an unauthorized entity to steal tokens without anyone finding out. Following the initial attack for 100 ETH, which appeared to be a white hat, it was soon reported that another hacker came along and stole approximately 1,800 ETH by using the same exact contract with a different name.

According to DeFi Llama, only those who swapped on SushiSwap in the last four days would be affected. They additionally published a list of contracts which will be revoked across all chains and also created a tool to check if any addresses have been affected.

So far, the problematic contract has been approved by 190 Ethereum addresses. The main issue, however, is that over 2000 addresses on Layer 2 Arbitrum appear to have approved the bad contract.