SushiSwap, a decentralized exchange (DEX) on the Ethereum blockchain, has updated users about its plans to return stolen funds to those affected by the recent $3.3 million hack. The exchange confirmed that users whose assets were retrieved by white hat security teams would be refunded more quickly than those affected by the black hat hackers.
The $3.3 Million SushiSwap Hack
The DEX was exploited through its approval contract, RouterProcessor2, on April 9th, resulting in the loss of 1,800 ETH tokens worth $3.3 million. The compromised contract was used for trade routing on the platform.
Upon discovery of the vulnerability, SushiSwap deployed whitehat security teams who secured funds from the affected addresses. The platform urged users who were vulnerable to the exploited contract to revoke their approval. Blockchain security firm BlockSec revealed that it had detected an attack and rescued 100 ETH worth $186,000.
SushiSwap to Compensate Users
SushiSwap plans to compensate users affected by the hack. The exchange will use a Merkle Claim contract to return assets to those whose funds are in the white hat address. Those affected by the black hat hackers are required to submit an email or open a ticket in the project’s official Discord channel with information about the transaction IDs and blockchain data of the lost funds.
The protocol will establish an opt-in claims process to manage the claims on a case-by-case basis, and the exchange will release detailed steps for the process later. SushiSwap has updated its web app, fixed the bug, and requested users to continue normal activities.
Our goal is to return all user funds to legitimate claimants. We appreciate everyone’s patience and understand your frustration as we work through returning funds to affected users 🤝
— Sushi.com (@SushiSwap) April 12, 2023
