
Analyzing SushiSwap’s next steps as it recovers from the latest exploit

SushiSwap faces the problem head-on as it begins the procedure to reimburse users affected by recent exploits. The protocol asked the Lido governance for help to recover some of the funds that were lost.


  • SushiSwap initiates plans to refund users affected by recent exploits.
  • The protocol approached Lido for assistance as massive amounts of the stolen funds were sent to the protocol.

Over the last few days, the popular DEX SushiSwap [SUSHI] became the victim of an exploit, resulting in the loss of millions of dollars. The vulnerability was due to a bug related to the “approve” function in the SushiSwap Router Processor 2 contracts.




The vulnerability invalidated the inputs given by the users. It also enabled the attacker to create a malicious router parameter that directed users to an attacker-controlled pool.

However, the SushiSwap team responded swiftly and immediately began formulating plans to fix the problem.

On 12 April, SushiSwap announced how it would transfer funds to victims of the recent exploit.

White hats and black hats

There will be two sets of users who will be receiving the refunds. The first would be those whose funds were acquired in a white hat exploit. A white hat exploit is a security vulnerability discovered and exploited by an ethical hacker or a security team.

The intention is to identify and report vulnerabilities to the system owner for fixing, rather than causing harm or damage.

Users impacted by the white hat exploit are safe as their funds exist in a contract and will be returned. However, users who have been affected by the black hat attack will have to submit an email to SushiSwap so that the protocol can verify whether the user’s address was impacted.

A friend in need

The SushiSwap protocol also reached out to the Lido protocol to help in collecting user funds so that they can be reimbursed to the users.

SushiSwap approached Lido because some of the malicious transactions that took place were built by independent block builders. In one case, a substantial amount of ETH was transferred as an MEV reward to the block builder, which then redirected it to the Lido Execution Rewards Vault.

The team at SushiSwap also has reason to believe that about 78 ETH was sent to the Lido Treasury, which could be an easy starting point for recovering some of the funds that have been lost.




Even though SushiSwap acted swiftly to safeguard its users, the protocol’s performance was impacted nonetheless. According to data from Token Terminal, the number of daily active users and the revenue collected by the protocol declined.
