A smart contract on decentralized finance (DeFi) protocol Sushi’s exchange services was exploited, developers said in a tweet. The exploit specifically involves the ‘RouterProcessor2’ contract, which is used to conduct trade routing on the SushiSwap exchange.
“It seems the SushiSwap RouterProcessor2 contact has an approve-related bug, which leads to the loss of >$3.3M loss,” security firm PeckShield flagged in Asian morning hours on Sunday, which Sushi developers later confirmed. As per several tweets from multiple security firms, the $3.3 million apparently came from a single user, @0xsifu, a popular trader in Crypto Twitter circles. DefiLlama developer @0xngmi said the exploit only seemed to impact users who approved Sushiswap contracts in the past 4 days.
Meanwhile, SushiSwap head developer Jared Grey asked users to revoke permissions for all contracts on SushiSwap as a security measure, adding the team was “working with security teams to mitigate the issue.