The exploit specifically involves the "RouterProcessor2" contract, which is used to route trades on the SushiSwap exchange.
"It seems the SushiSwap RouterProcessor2 contact has an approve-related bug, which leads to the loss of >$3.3M loss," security firm PeckShield flagged during Asian morning hours on Sunday. Sushi developers later confirmed the exploit.
According to several tweets from multiple security firms, the $3.3 million apparently came from a single user, @0xsifu, a popular pseudonymous trader in Crypto Twitter circles.
DefiLlama developer @0xngmi, who is also pseudonymous, said Sunday that the exploit seemed to affect only users who approved SushiSwap contracts in the past four days.
Meanwhile, SushiSwap head developer Jared Grey asked users to revoke permissions for all contracts on SushiSwap as a security measure, adding the team was "working with security teams to mitigate the issue."
The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is an award-winning media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. In November 2023, CoinDesk was acquired by Bullish group, owner of Bullish, a regulated, institutional digital assets exchange. Bullish group is majority owned by Block.one; both groups have interests in a variety of blockchain and digital asset businesses and significant holdings of digital assets, including bitcoin. CoinDesk operates as an independent subsidiary, and an editorial committee, chaired by a former editor-in-chief of The Wall Street Journal, is being formed to support journalistic integrity.