After a high-profile breach, SushiSwap has announced measures for repaying the stolen funds. It has offered an update on the weekend’s exploit and a plan to repay impacted users. The decentralised exchange stated the money was either cleaned by whitehat security professionals or lost to blackhat hackers.
According to the exchange, user cash was either “swept by whitehat security teams” or “lost to blackhat hackers.” If the funds are in the whitehat contract, it means that the money was recovered by security teams and that users will be allowed to access it. To send the recovered money to user wallets, SushiSwap will build a Merkle Claim contract. “We’ve completed most of this work and it will go live soon,” the DEX noted on Twitter.
However, clients would have to wait longer for a return if their funds are still attached to the Blackhat contract. Recovery of cash taken by criminal actors will be more difficult. Users whose money is with the blackhat exploiter must submit an email to security@sushi.com that contains transaction IDs and blockchain data. Alternatively, they may open a ticket in SushiSwap’s official Discord. This is due to the fact that each claim must be carefully evaluated by the decentralised exchange utilising on-chain data analysis before it can be paid out.
On April 9, a RouterProcessor2 contract issue relating to approval was utilised against SushiSwap. Assets belonging to customers who authorised the shoddy contract were seized, resulting in a $3.3 million loss altogether. According to the decentralised exchange, users who have not contacted the protocol in the previous 10 days are unlikely to have been impacted by the hack. Nonetheless, as a security precaution, the team urged users to double-check their permissions.
According to the Sushi team, it is implementing an opt-in claims mechanism and will manage claims on a case-by-case basis.” Our goal is to return all user funds to legitimate claimants,” Sushi said, adding: “We appreciate everyone’s patience and understand your frustration as we work through returning funds to affected users.”
To remedy the problem, a list of contracts requiring revocation was established on GitHub. Following the occurrence, a “significant amount of damaged funds” were rapidly recovered utilising a white hat security process. Meanwhile, SushiSwap is dealing with additional issues. The US Securities and Exchange Commission (SEC) has slapped a subpoena on the decentralised exchange and Grey, prompting the latter to ask Sushi DAO to pay a $3 million USDT legal defence.
