{"id":76972,"date":"2023-04-10T17:52:25","date_gmt":"2023-04-10T14:52:25","guid":{"rendered":"https:\/\/forklog.com\/en\/?p=76972"},"modified":"2025-09-10T20:31:05","modified_gmt":"2025-09-10T17:31:05","slug":"blocksec-recovers-100-eth-stolen-from-sushiswap-hacker","status":"publish","type":"post","link":"https:\/\/forklog.com\/en\/blocksec-recovers-100-eth-stolen-from-sushiswap-hacker\/","title":{"rendered":"BlockSec recovers 100 ETH stolen from SushiSwap hacker"},"content":{"rendered":"<p>The BlockSec team intercepted the hacker&#8217;s transaction of 100 ETH from the wallet of user @0xsifu during the SushiSwap DEX exploit and returned the funds.<\/p>\n<blockquote class=\"twitter-tweet\" data-lang=\"en\">\n<p lang=\"en\" dir=\"ltr\">1\/ RouteProcessor2 <a href=\"https:\/\/twitter.com\/SushiSwap?ref_src=twsrc%5Etfw\">@SushiSwap<\/a> has a vulnerability that can drain accounts that approved to this contract. Our system immediately detected the attack attempt to <a href=\"https:\/\/twitter.com\/0xSifu?ref_src=twsrc%5Etfw\">@0xsifu<\/a> and rescued some funds. Unfortunately, some other funds cannot be rescued.<a href=\"https:\/\/t.co\/Fky1kgGmvA\">https:\/\/t.co\/Fky1kgGmvA<\/a> <a href=\"https:\/\/t.co\/I4tJbZ82bU\">pic.twitter.com\/I4tJbZ82bU<\/a><\/p>\n<p>\u2014 BlockSec (@BlockSecTeam) <a href=\"https:\/\/twitter.com\/BlockSecTeam\/status\/1644977808450396160?ref_src=twsrc%5Etfw\">April 9, 2023<\/a><\/p><\/blockquote>\n<p> <script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>On Sunday, the decentralized protocol <a href=\"https:\/\/forklog.com\/en\/news\/sushiswap-team-reports-vulnerability-in-platforms-smart-contract\">was subjected to an attack<\/a> through a vulnerability in the smart contract <a href=\"https:\/\/etherscan.io\/address\/0x044b75f554b886a065b9567891e45c79542d7357#code\">RouteProcessor2<\/a>, which is used to route trades.<\/p>\n<p>According to <a href=\"https:\/\/twitter.com\/peckshield\/status\/1644907207530774530?s=20\">PeckShield<\/a>, the losses of @0xsifu (under the nickname <a href=\"https:\/\/forklog.com\/en\/news\/community-accuses-wonderland-co-founder-of-involvement-with-quadrigacx\">is allegedly the co-founder<\/a> of the bankrupt Canadian exchange QuadrigaCX Michael Patryn) as a result of the exploit amounted to 1800 ETH or ~$3.3 million at the time.<\/p>\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>\u00abOur system immediately detected the attack attempt on @0xsifu and rescued some funds. Unfortunately, this did not apply to the remaining funds\u00bb, \u2014 BlockSec said.<\/p>\n<\/blockquote>\n<p>A white-hat hacker under the pseudonym Trust said he was the first to spot the vulnerability, but unknown actors exploited its vector and beat him to it, actively using MEV bots.<\/p>\n<blockquote class=\"twitter-tweet\" data-conversation=\"none\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">This is insane. MEV bots have deployed contracts and copied the attack before I could save everything ?<\/p>\n<p>\u2014 Trust (@trust__90) <a href=\"https:\/\/twitter.com\/trust__90\/status\/1644900643608358913?ref_src=twsrc%5Etfw\">April 9, 2023<\/a><\/p><\/blockquote>\n<p> <script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>BlockSec researchers noted that competition among MEV bots during the exploit meant that about 44.5% of the lost SushiSwap funds went to block builders as rewards. The one-time maximum payout was 678 ETH, awarded to the Beaver Build service.<\/p>\n<blockquote class=\"twitter-tweet\" data-conversation=\"none\" data-lang=\"en\">\n<p lang=\"en\" dir=\"ltr\">3\/ At the same time, multiple MEV bots (and attackers) are copy-pasting the attack tx. Some of them used the Flashbots and gave more than 80% fee to the builder. One bot owned by c0ffeebabe.eth even bribed 678 Eth to the builder in one transaction! <a href=\"https:\/\/t.co\/8dOZSIM5pJ\">pic.twitter.com\/8dOZSIM5pJ<\/a><\/p>\n<p>\u2014 BlockSec (@BlockSecTeam) <a href=\"https:\/\/twitter.com\/BlockSecTeam\/status\/1644978614125965316?ref_src=twsrc%5Etfw\">April 9, 2023<\/a><\/p><\/blockquote>\n<p> <script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>In the first three months of 2023, blockchain projects <a href=\"https:\/\/forklog.com\/en\/news\/crypto-projects-lost-more-than-320-million-to-hacks-in-the-quarter\">lost more than $320 million<\/a> due to hacks and fraud.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>BlockSec&#8217;s team intercepted the hacker&#8217;s 100 ETH transaction from @0xsifu&#8217;s wallet during the SushiSwap DEX exploit and returned the funds.<\/p>\n","protected":false},"author":1,"featured_media":76973,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"select":"1","news_style_id":"1","cryptorium_level":"","_short_excerpt_text":"","creation_source":"","_metatest_mainpost_news_update":false,"footnotes":""},"categories":[3],"tags":[1301,1379],"class_list":["post-76972","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-analysis","tag-blockchain-vulnerabilities","tag-sushiswap"],"aioseo_notices":[],"amp_enabled":true,"views":"20","promo_type":"1","layout_type":"1","short_excerpt":"","is_update":"","_links":{"self":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/76972","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/comments?post=76972"}],"version-history":[{"count":1,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/76972\/revisions"}],"predecessor-version":[{"id":76974,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/76972\/revisions\/76974"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media\/76973"}],"wp:attachment":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media?parent=76972"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/categories?post=76972"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/tags?post=76972"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}