Sushi Swap

On April 9, 2023, SushiSwap, a decentralized exchange (DEX) on Ethereum, was exploited, resulting in the theft of over $3.3 million in various cryptocurrencies, as reported in the provided article.

Detected at 08:00 UTC, the attack targeted a vulnerability in the newly deployed RouterProcessor2 contract, which facilitated token swaps. The attacker manipulated the contract’s approval process, exploiting flawed parameter verification to gain unauthorized access to user wallets and drain funds, per Twitter (@SushiSwap). SushiSwap, with $400 million in total value locked per DefiLlama, paused the affected contract, deployed a fix, and urged users to revoke permissions to prevent further losses, as announced on Twitter (@SushiSwap).

The team confirmed operations continued, but user trust waned, contributing to a temporary crypto market dip, per CoinDesk. No direct user compensation was offered, as stolen funds were from user wallets, not platform custody.

The DeFi community analyzed the exploit, but no law enforcement actions or attacker identities were reported by April 2023, per the article. One of 295 DeFi hacks in 2023, costing $2 billion, per Chainalysis, the incident, alongside GDAC’s $13 million loss, underscored audit gaps, fueling calls for comprehensive smart contract audits, user permission vigilance, and standardized DeFi security protocols to enhance platform resilience.