If you’re a user of SushiSwap, it’s time to be on high alert. The decentralized exchange has suffered an exploit resulting in the loss of $3.3 million from at least one user, and those who have interacted within the last four days may be at risk.
Here’s what you need to know: the exploit involves an approve-related bug on the RouterProcessor2 contract. By approving the bad contract, users unwittingly allow the exploiter to steal their tokens through the “yoink” function, which was used by the first attacker. Reports indicate that only those who have interacted with SushiSwap within the last four days are potentially at risk.
DeFi Llama’s @0xngmi has published a list of contracts across all chains that should be revoked, and has even built a tool to check if any of your addresses have been impacted. However, it’s important to note that this is not a comprehensive list, and there may be other contracts that are vulnerable to attack.
SushiSwap Head Chef Jared Grey has tweeted that they are working with security teams to mitigate the issue. But what can you do to protect yourself?
First and foremost, if you have interacted with SushiSwap in the last four days, you should check your addresses against the information provided by DeFi Llama’s @0xngmi. Revoking the RouterProcessor2 contract on all chains is also recommended to prevent further potential attacks.
It’s concerning to see yet another exploit in the DeFi space, especially one that could potentially impact so many users. Stay vigilant and take action to protect yourself and your assets.