Key points to remember
- SushiSwap was hacked on April 9.
- The attackers were able to siphon funds directly from the wallets of recent users of the protocol.
- SushiSwap plans to help victims recover their funds.
Share this article
Victims of the SushiSwap exploit have a chance to recover their funds, whether they were preemptively taken by hackers or stolen by malicious actors.
Return user funds
SushiSwap has a plan to make its users whole.
The decentralized exchange based on Ethereum noted on Twitter today that users who were affected by the protocol attack last weekend could recover their funds.
SushiSwap is a decentralized finance project that allows its users to trade cryptocurrencies without needing to involve a third party. On April 9, a flaw in the protocol’s RouteProcessor2 smart contract allowed an exploit to siphon tokens from users who had previously approved the faulty contract.
It’s currently unclear how much was actually taken, as hacker groups quickly stepped up to preemptively siphon off user funds to protect them from malicious parties. However, the attacker was able to steal at least 1,800 ETH (worth over $3.3 million at the time of the exploit) from a single SushiSwap user.
According to SushiSwap, the flawed smart contract was only deployed “in the last ten days,” meaning users who hadn’t interacted with the protocol since April 2 weren’t impacted by it. ‘feat. The exchange team strongly encouraged users to revoke protocol trusts in all cases, as a “good security practice”.
SushiSwap has indicated that users whose funds had been swept away by white hat security teams may claim their funds shortly. The exchange’s development team is currently building a Merkle Claim contract that users can connect their wallets to in order to receive their funds.
Users whose funds have been misappropriated by attackers will need to submit an email to SushiSwap’s security team, including transaction IDs and blockchain data for lost funds. The team indicated that the process would take longer to process because manual verification of the data would be required. “Our goal is to return all user funds to legitimate claimants. We appreciate everyone’s patience and understand your frustration as we work to return funds to affected users,” the memorandum reads.
Disclosure: At the time of writing this article, the author of this article owned BTC, ETH, and several other crypto assets.