SushiSwap is initiating plans to refund users affected by recent exploits. The protocol approached Lido for help, as huge amounts of the stolen money were sent to the protocol.
In recent days, the popular DEX is SushiSwap [SUSHI], fell victim to an exploit, resulting in the loss of millions of dollars. The vulnerability was due to a bug related to the “approve” function in the SushiSwap Router Processor 2 contracts.
Read SUSHI’s Price Forecast 2023-2024
The vulnerability invalidated users’ inputs. It also enabled the attacker to create a malicious router parameter that directed users to an attacker-controlled pool.
However, the SushiSwap team responded quickly and began formulating plans to resolve the issues related to the issue immediately.
SushiSwap announced on April 12 how it will transfer funds to victims of the recent exploit.
🚨 RouteProcessor2 Exploit & User Refund Update!
🧵 Read the thread below about what’s next for affected user funds and what processes we’re putting in place to refund user funds.
🖥️ First off, please know that the Sushi’s Swap web app is now safe to use!
🪡👇🏼
— Sushi.com (@SushiSwap) April 12, 2023
White hats and black hats
There will be two groups of users who will receive the refunds. The first are those whose money was acquired in a white hat exploit. A white hat exploit is a vulnerability discovered and exploited by an ethical hacker or security team.
The intent is to identify vulnerabilities and report them to the system owner for remediation, rather than causing damage or harm.
Users affected by the white hat exploit are safe as their money is in a contract and will be returned. However, users affected by the black hat attack will have to submit an email to SushiSwap so the protocol can verify if the user’s address has been compromised.
A friend in need
The SushiSwap protocol too reached for the Lido protocol to assist in the collection of user funds so that they can be refunded to the users.
SushiSwap approached Lido because some of the malicious transactions taking place were built by independent block builders. And in one case, a significant amount of ETH was transferred as an MEV reward to the block builder which was then redirected to Lido Execution Rewards Vault.
SushiSwap’s team also has reason to believe that about 78 ETH was sent to the Lido Treasury, which could be an easy starting point to recover some of the lost money.
Realistic or not, here is SUSHI’s market cap in terms of BTC
While SushiSwap’s actions to protect their users were swift, the protocol’s performance was nonetheless affected. According to data from Token Terminal, the number of daily active users and the revenue collected by the protocol dropped.
Source: token terminal
This post Analyzing SushiSwap’s next steps as it recovers from the latest exploit
was published first on https://ambcrypto.com/analyzing-sushiswaps-next-steps-as-it-recovers-from-the-latest-exploit/
