$350 Million SushiSwap Hack Just Prevented by Anonymous Dev: Details

Wed, 08/18/2021 - 10:06
Vladislav Sopov
Pseudonymous expert samczsun reveals how top-notch Ethereum (ETH) devs saved SushiSwap (SUSHI)

A security expert at the high-profile VC firm Paradigm, who goes by @samczsun on Twitter, has shared how he spotted and reported one of the most critical bugs in the history of the Ethereum DeFi segment.

“Two rights might make a wrong”

According to an account shared by @samczsun on Paradigm's official website, he noticed a discussion on Telegram between Ethereum (ETH) developers about MISO, a novel SushiSwap-centric token sale instrument.

The white-hat hacker started checking the architecture of the project and noticed two functions with no access control and one function that had not been properly initialized.

He then found far more serious bugs: due to flaws in the MISO Dutch auction design, a hypothetical attacker could have drained all the liquidity from the $350 million contract.

The expert noted that the vulnerability was similar to the flaw identified in the Opyn DeFi contracts. In early August 2020, Opyn was drained of almost 370,000 USD Coin (USDC).

All is well that ends well

To double-check his findings, Mr. Samczsun contacted his colleagues Georgios Konstantopoulos, Dan Robinson and SushiSwap (SUSHI) CTO Joseph Delong.

The developers decided to reach out to the team behind the auction (BitDAO) and propose that they finalize the auction manually by buying back all available tokens.

As a result, all funds were saved in five hours. Mr. Samczsun concluded that using 'safe' components does not necessarily guarantee the safety of the whole system.

As previously covered by U.Today, the white-hat hacker of Poly Network is returning funds to their victims. The Poly Network team has also offered them the role of Chief Security Advisor along with a $0.5 million bounty.

About the author

Blockchain Analyst & Writer with scientific background. 6+ years in IT-analytics, 3+ years in blockchain.

Worked in independent analysis as well as in start-ups (Swap.online, Monoreto, Attic Lab etc.)