- The unfortunately-timed hack led to a loss of 1,800 ETH.
- The exploit comes a day after the DeFi platform broke its silence about an SEC subpoena.
- Despite a post from Head Chef Jared Grey, there are still more questions than answers about the SEC’s action toward SushiSwap.
Whenever the Securities and Exchange Commission (SEC) is mentioned alongside a crypto company, there is cause for concern given the U.S. approach to regulation by enforcement.
On March 21, it was revealed that Sushi DAO Head Chef Jared Grey was served with a subpoena from the SEC, which Grey addressed and explained on April 8. However, a day after the explanation, a bug on the DeFi platform led to over $3 million in losses.
Unusual Activities
The hack on SushiSwap was identified by Blockchain security companies CertiK Alert and Peckshield. Taking to Twitter, it was noted that there was some unusual activity related to the approval function in Sushiโs Router Processor 2 contract.
Sponsored
Following the identification of the bug, around 1,800 ETH were lost, totaling $3.3 million. It was also stated that the hack should only affect users who swapped in the protocol in the past four days.
Grey sprung into action, asking users to revoke permissions for all contracts on the protocol.
โSushiโs RouteProcessor2 contract has an approval bug; please revoke approval ASAP. Weโre working with security teams to mitigate the issue,โ he said on Twitter.
A few hours later, Grey returned to Twitter to announce that a โlarge portion of affected fundsโ had been recovered through a white hat security process.โ Adding: โWeโve confirmed recovery of more than 300ETH from CoffeeBabe of Sifuโs stolen funds. Weโre in contact with Lidoโs team regarding 700 more ETH.”
SEC Keeping Watch
This recent exploit is not positive news for SushiSwap and could impact its reputation in certain circles. The timing is also unfortunate as, despite stating SushiSwap did not โintend to comment publicly on ongoing [SEC] investigations or other legal matters,โ Grey commented on the SEC investigation less than 24 hours before the hack.
In a post, Grey admitted that he had received numerous questions from the community since mentioning the SEC subpoena. But, Grey and his counsel describe the investigation as a โnon-public, fact-finding inquiryโ that doesnโt suggest the SEC has โany negative opinion of any person, entity or assetโ related to the DAO.
Grey also added that, as they know, no one associated with Sushi has violated U.S. federal security laws.
On the Flipside
- While Grey was served the subpoena, seeking documents and information relating to Sushi, it is unclear if SushiSwap itself has been served. In the FAQs about the SEC action, Grey said: โWe do not know, one way or the other, whether the SEC has purported to serve a subpoena on any other person or entity that it believes represents the Sushi community.โ
Why You Should Care
The SEC is at the forefront of crypto regulation news currently. While it serves U.S.-based firms with Wells notices and enforces legal action on them, this is quite the departure from its usual modus operandi.
Read more about SushiSwap’s goals for 2023:
SushiSwapโs Jared Grey Unveils โ10x Market Shareโ Plan.
Read more about how Coinbase is trying to overturn the ban on Tornado Cash:
Coinbase Heads to Court: Still Backing Action to Overturn Tornado Cash Ban.