BCCN3


SushiSwap's Quick Response to $3.3 Million Hack

Over the weekend, SushiSwap, a popular Ethereum DeFi protocol, was the target of a hack that stole approximately $3.3 million. Fortunately, the SushiSwap team responded quickly and notified its entire community in an effort to mitigate losses.

This response has been one of the best among the hacks that have occurred in 2023, suggesting that response measures are improving. However, are they good enough for global adoption yet?

RouteProcessor2 hack

According to SushiSwap, the hack was due to a bug in one of its contracts, which the hacker exploited. The bug was in RouteProcessor2, the contract responsible for the approvals made by wallets and protocols, which made it an attractive bottleneck for hackers to target.

The hacker was then able to steal funds from wallets that signed the RouteProcessor2 contract because their funds were stored in the SushiSwap protocol and not solely within their own custody.

SushiSwap’s quick response

SushiSwap’s response has been more than ideal. Among other things, the team was quick and transparent about what had happened, making sure that its entire community was aware of the situation.

First, the team identified all of the addresses associated with the RouteProcessor2 contract in order to determine who had been affected. Fortunately, the team was able to protect many of the affected addresses because on-chain activity made it possible to return stolen funds. However, there are still many wallets whose funds have been stolen, and the team is in contact with local authorities.
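One way to carry out the "identify affected addresses" step described above, as an added example that is not SushiSwap's own tooling: it assumes the approvals are standard ERC-20 allowances, replays constructed Approval event logs, and lists owners whose latest allowance to the contract is still non-zero. All addresses are placeholders and the function names are hypothetical.

```python
# Added example: constructed logs and placeholder addresses, not real chain data.
# keccak256("Approval(address,address,uint256)"), the standard ERC-20 event topic.
APPROVAL_TOPIC0 = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"

def topic_to_address(topic):
    """An indexed address is left-padded to 32 bytes; keep the low 20 bytes."""
    return "0x" + topic[-40:].lower()

def exposed_owners(logs, spender):
    """Return {(token, owner): allowance} where the latest approval to
    `spender` is non-zero. Logs alone give a candidate list: spending can
    lower an allowance, so confirm each hit with the token's allowance()."""
    spender = spender.lower()
    latest = {}
    # Replay in chain order so a later approve() overwrites an earlier one.
    for log in sorted(logs, key=lambda l: (l["blockNumber"], l["logIndex"])):
        topics = log["topics"]
        # ERC-721 Approval shares topic0 but has 4 topics; skip it.
        if len(topics) != 3 or topics[0].lower() != APPROVAL_TOPIC0:
            continue
        if topic_to_address(topics[2]) != spender:
            continue
        key = (log["address"].lower(), topic_to_address(topics[1]))
        latest[key] = int(log["data"], 16)
    return {k: v for k, v in latest.items() if v > 0}

# --- constructed sample data (placeholders only) ---
ROUTER = "0x" + "aa" * 20   # stands in for the exploited contract
OTHER = "0x" + "bb" * 20    # an unrelated spender
TOKEN = "0x" + "cc" * 20
ALICE = "0x" + "11" * 20
BOB = "0x" + "22" * 20
MAX = "0x" + "f" * 64       # "unlimited" approval

def mk(block, idx, owner, spender, data, extra=()):
    pad = lambda a: "0x" + "0" * 24 + a[2:]
    return {"address": TOKEN, "blockNumber": block, "logIndex": idx, "data": data,
            "topics": [APPROVAL_TOPIC0, pad(owner), pad(spender), *extra]}

SAMPLE_LOGS = [
    mk(105, 1, BOB, ROUTER, "0x0"),                  # Bob later revoked
    mk(100, 0, ALICE, ROUTER, MAX),                  # Alice still exposed
    mk(101, 2, BOB, ROUTER, MAX),
    mk(106, 0, ALICE, OTHER, MAX),                   # different spender
    mk(107, 0, BOB, ROUTER, "0x", extra=["0x" + "0" * 63 + "7"]),  # ERC-721 style
]

if __name__ == "__main__":
    for (token, owner), amount in exposed_owners(SAMPLE_LOGS, ROUTER).items():
        print(owner, "has a live allowance on", token, hex(amount))
```
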

In the meantime, the team is pursuing further investigations so that it can recover the total amount of stolen cryptocurrency. The team has also removed the exploited contract so that the issue cannot continue. Now, it is a question of pursuing the hacker and recovering the stolen funds.

Who was harmed?

It appears that the majority of people who were affected were regular users and retail investors participating in DeFi. Jared Grey, the “Head Chef” at SushiSwap, made it clear that the exploit did not target any of the liquidity pools on the SushiSwap protocol.

This is incredibly important to note because the problem becomes exponentially worse when liquidity pools are drained. Liquidity pools are where the majority of a protocol’s assets reside, and when they are stolen it can hinder trading for many users to the point that the protocol might be forced to shut down.

However, this was not the case, and Grey has assured the community that LPs are safe at the moment. He also stated that, following the contract’s removal, trading on the SushiSwap platform is safe again.

Is DeFi safe enough for adoption?

While SushiSwap’s response to the hack was swift and effective, doubts about the safety and security of DeFi protocols linger. Although DeFi and financial services in web3 are exciting and offer many unique solutions for underbanked communities and individuals, trust and security need to remain as close to 100% as possible if significant adoption is to be expected.

Simply put, no one wants to store their assets in protocols that have been routinely targeted by hackers since the inception of web3. If this continues, hopes of a greater web3 industry may never come to fruition. So, it is essential that blockchain cybersecurity begins advancing immediately.