
Exclusive: Hacker behind SushiSwap’s preemptive Sifu hack explained how it was done


In an exclusive interview with crypto.news, the pseudonymous white-hat hacker known as Trust shared crucial details about a recent hack that took advantage of a vulnerability in the RouteProcessor2 contract.

Trust was able to save a significant amount of users’ funds by performing a preemptive April 10 hack on the funds held by Sifu, only to return those funds after moving them to safety.

Unfortunately, malicious actors were able to imitate the attack and exploit the vulnerability against other holders.

SushiSwap hit by advanced attack

Trust explained that the RouteProcessor2 contract, deployed just four days ago, is designed to oversee various types of SushiSwap (SUSHI) token swaps. Users pre-approve the contract to spend their ERC20 tokens, and then call the swap() function to execute the swap.

However, the contract interacts with UniswapV3 pools in an unsafe manner, as it completely trusts the user-supplied “pool” address.

The oversight allows a bad pool to provide false information to the contract about the source and amount of a transfer, enabling any user to fake a swap and gain access to another user’s entire approved amount.
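The flaw described above, reduced to a small Python model as an added example (not SushiSwap's code or Trust's; every class and function name is hypothetical). The weak callback believes the payer reported by a caller-supplied pool, while the hardened form checks the pool against a registry and charges only the caller it recorded before the external call.

```python
# Simplified Python model (added example); every name here is hypothetical.
class Token:
    """ERC20-like ledger: balances plus (owner, spender) allowances."""
    def __init__(self):
        self.balance, self.allowance = {}, {}
    def transfer_from(self, spender, owner, to, amount):
        if self.allowance.get((owner, spender), 0) < amount:
            raise PermissionError("allowance too low")
        self.allowance[(owner, spender)] -= amount
        self.balance[owner] -= amount
        self.balance[to] = self.balance.get(to, 0) + amount

class Pool:
    """Pool supplied by the caller; it reports who should pay in the callback."""
    def __init__(self, name, reported_payer=None):
        self.name, self.reported_payer = name, reported_payer
    def swap(self, router, amount):
        router.swap_callback(self, self.reported_payer or router.payer, amount)

class Router:
    def __init__(self, token, registry, hardened):
        self.token, self.registry, self.hardened = token, registry, hardened
        self.payer = None  # caller of swap(), recorded before the external call
    def swap(self, caller, pool, amount):
        if self.hardened and pool.name not in self.registry:
            raise PermissionError("pool not in registry")
        self.payer = caller
        try:
            pool.swap(self, amount)
        finally:
            self.payer = None

    def swap_callback(self, pool, claimed_payer, amount):
        # Weak form trusts the payer the pool reports; hardened form ignores it.
        payer = self.payer if self.hardened else claimed_payer
        self.token.transfer_from("router", payer, pool.name, amount)

def holder_balance_after(hardened, pool_registered):
    """Constructed scenario: 'holder' approved the router; 'other' calls swap()."""
    token = Token()
    token.balance["holder"] = 100
    token.allowance[("holder", "router")] = 100
    pool = Pool("pool-x", reported_payer="holder")
    router = Router(token, {"pool-x"} if pool_registered else set(), hardened)
    try:
        router.swap("other", pool, 100)
    except PermissionError:
        pass  # swap reverted; no state changed
    return token.balance["holder"]
```

In the model, the registry check alone is not the whole fix: even a registered pool that misreports the payer moves nothing, because the hardened callback pulls only from the recorded caller.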

Trust stated that this vulnerability should have been detected by any reasonable audit firm, raising concerns about the maturity of the production codebase.

The hacker also mentioned the presence of highly sophisticated bots that replicated their fund-saving transaction to instead steal assets, emphasizing the extensive resources and capabilities of these bots, known as miner extractable value (MEV) bots.

Trust chose to perform the preemptive hack for several reasons.

First, he had submitted a full vulnerability report one and a half hours before the hack but received no reply.

Second, he was afraid that the development team might not be available during the weekend.

Third, he knew the contract couldn’t be fixed; the only options were to hack it or to have users revoke their approvals.

Finally, he prioritized saving a single address holding the majority of the funds at risk, Sifu’s address. Trust also did not anticipate the complexity of MEV bots in the situation.

In light of these revelations, it is crucial for the crypto community to reassess security practices and prioritize thorough audits of smart contracts to prevent such vulnerabilities from being exploited.

Trust’s actions demonstrate the importance of white-hat hackers in the ecosystem, working to protect users’ funds and improve overall security.