SushiSwap, a DeFi protocol, was exploited over the weekend, resulting in a loss of US$3.3 million (approximately Rs.27.03 million). According to blockchain firms CertiK and Peckshield, a smart contract around feature permissions was exploited by hackers to facilitate this April 9 attack. Researchers have claimed that SushiSwap users who engaged with the protocol between April 4 and April 9 were most likely affected as part of this attack.
The smart contract, which aggregates trading liquidity from multiple sources and determines the cheapest price to exchange coins, has been targeted by hackers Cointelegraph called in a report.
Jared Gray, the chief developer of SushiSwap, has suggested that all protocol users remove permissions for all contracts of the Built by Ethereum Protocol.
We have secured a large portion of the affected funds using a white hat security process. If you performed a whitehat restore, please contact security@sushi.com for the next steps.
— Jared Gray (@jaredgrey) April 9, 2023
However, Gray has suggested people don’t bother with the protocol for now.
This exploit marks the second largest hacking attack in the DeFi place so far this year.
In March DeFi lending protocol Euler Finance lost at least US$177.6 million (approximately Rs.1,455 billion) in an exploit.
Hackers targeting DeFi protocols often identify vulnerabilities in the open-source nature of the platform’s code to gain unauthorized access.
Earlier last week, the US Treasury Department warned that DeFi services are being heavily abused to process illicit remittances. In its recent illicit finance risk assessment on decentralized finance, the Treasury found that notorious actors are exploiting vulnerabilities in standard anti-money laundering and counter-terrorism financing (AML/CFT) regulation.
DeFi services that fail to meet these anti-money laundering and anti-terrorist financing obligations pose the most significant illicit financial risk in this space, according to the assessment found.
In 2022, a series of hacking attacks on DeFi protocols resulted in a loss of US$3.8 billion (nearly Rs. 31,100 crore). report of Chainalysis had said.
According to a report by PeckShield, since January this year, financial losses caused by crypto exploits have fallen by 93 percent compared to the same month last year specified in February.
