On early Sunday, developers of the decentralized finance (DeFi) protocol SushiSwap disclosed in a tweet that a smart contract used for trade routing, called ‘RouterProcessor2’, had been exploited. The security firm PeckShield had previously flagged an approve-related bug in the same contract, which led to a loss of over $3.3 million. The Sushi developers later confirmed the exploit. Several security firms tweeted that the affected user was a popular trader in Crypto Twitter circles, @0xsifu. According to DefiLlama developer @0xngmi, the exploit seemed to only impact users who approved SushiSwap contracts in the past four days.
Sushi's RouteProcessor2 contract has an approval bug; please revoke approval ASAP. We're working with security teams to mitigate the issue. https://t.co/WhXJfa5xD4
— Jared Grey (@jaredgrey) April 9, 2023
As a security measure, SushiSwap head developer Jared Grey asked users to revoke permissions for all contracts on SushiSwap. The team is currently collaborating with security teams to address the issue.