DeFi protocol SushiSwap loses up to $15,000 due to vulnerability

The SushiSwap team discovered and fixed the vulnerability after withdrawals from the decentralized protocol totaling between $10,000 and $15,000. The exploit was described by the project developer 0xMaki.

Post-Mortem when I wake up, exploiter got around 10-15k so far from the 0.05% fees cut of Sushiswap.

LP — xSushi holders are safe!

It is a fascinating one thanks @andy8052 @danielque & sushi core devs for the quick reaction and help.

More soon! https://t.co/QmhNMTP28L

— 0xMaki 源 義経 (@0xMaki) November 29, 2020

The attacker explained that the damage was modest because the attack involved stealing commission revenues. The daily amount does not exceed $20,000–$30,000.

The attacker conducted the first microtransaction two to three days ago. On November 29, he began moving them in bulk. In a discussion with the platform Rekr, 0xMaki noted that it took about four hours to search for and fix the vulnerability.

SushiSwap will reimburse the damage from the project fund. According to the developer, the attacker earned the stolen funds as a reward for identifying the problem.

Earlier, in September in the SushiSwap governance mechanism identified a double-spend bug.

Earlier, experts identified ten vulnerabilities in the protocol, one of which could have led to transfers to any address.

Follow ForkLog’s news on Facebook!