
BlockSec recovers 100 ETH stolen from SushiSwap hacker
The BlockSec team intercepted the hacker’s transaction of 100 ETH from the wallet of user @0xsifu during the SushiSwap DEX exploit and returned the funds.
1/ RouteProcessor2 @SushiSwap has a vulnerability that can drain accounts that approved to this contract. Our system immediately detected the attack attempt to @0xsifu and rescued some funds. Unfortunately, some other funds cannot be rescued. https://t.co/Fky1kgGmvA pic.twitter.com/I4tJbZ82bU
— BlockSec (@BlockSecTeam) April 9, 2023
On Sunday, the decentralized protocol was attacked through a vulnerability in the RouteProcessor2 smart contract, which is used to route trades.
According to PeckShield, the exploit cost @0xsifu 1800 ETH, or ~$3.3 million at the time. The nickname allegedly belongs to Michael Patryn, co-founder of the bankrupt Canadian exchange QuadrigaCX.
"Our system immediately detected the attack attempt on @0xsifu and rescued some funds. Unfortunately, this did not apply to the remaining funds," BlockSec said.
A white-hat hacker under the pseudonym Trust said he was the first to spot the vulnerability, but unknown actors exploited the same vector and beat him to it, making active use of MEV bots.
This is insane. MEV bots have deployed contracts and copied the attack before I could save everything
— Trust (@trust__90) April 9, 2023
BlockSec researchers noted that competition among MEV bots during the exploit meant that about 44.5% of the lost SushiSwap funds went to block builders as rewards. The largest single payout, 678 ETH, went to the Beaver Build service.
3/ At the same time, multiple MEV bots (and attackers) are copy-pasting the attack tx. Some of them used the Flashbots and gave more than 80% fee to the builder. One bot owned by c0ffeebabe.eth even bribed 678 Eth to the builder in one transaction! pic.twitter.com/8dOZSIM5pJ
— BlockSec (@BlockSecTeam) April 9, 2023
In the first three months of 2023, blockchain projects lost more than $320 million due to hacks and fraud.