A smart contract on decentralized finance (DeFi) protocol Sushi’s exchange services was exploited early Sunday, developers said in a tweet.
The exploit specifically involves the ‘RouterProcessor2’ contract, which is used to conduct trade routing on the SushiSwap exchange.
“It seems the SushiSwap RouterProcessor2 contact has an approve-related bug, which leads to the loss of >$3.3M loss,” security firm PeckShield flagged in Asian morning hours on Sunday, which Sushi developers later confirmed.
As per several tweets from multiple security firms, the $3.3 million apparently came from a single user, @0xsifu, a popular trader in Crypto Twitter circles.
DefiLlama developer @0xngmi said Sunday that the exploit only seemed to impact users who approved Sushiswap contracts in the past 4 days.
Meanwhile, SushiSwap head developer Jared Grey asked users to revoke permissions for all contracts on SushiSwap as a security measure, adding the team was “working with security teams to mitigate the issue.”