SushiSwap Addresses SEC Subpoena While Exploit Leads to $3.3M in Losses

The timing of the exploit could not be worse.

Sushi holding swords next to two sashimi.
  • The unfortunately-timed hack led to a loss of 1,800 ETH.
  • The exploit comes a day after the DeFi platform broke its silence about an SEC subpoena.
  • Despite a post from Head Chef Jared Grey, there are still more questions than answers about the SEC’s action toward SushiSwap.

Whenever the Securities and Exchange Commission (SEC) is mentioned alongside a crypto company, there is cause for concern given the U.S. approach to regulation by enforcement.

On March 21, it was revealed that Sushi DAO Head Chef Jared Grey was served with a subpoena from the SEC, which Grey addressed and explained on April 8. However, a day after the explanation, a bug on the DeFi platform led to over $3 million in losses.

Unusual Activities

The hack on SushiSwap was identified by Blockchain security companies CertiK Alert and Peckshield. Taking to Twitter, it was noted that there was some unusual activity related to the approval function in Sushi’s Router Processor 2 contract.


Following the identification of the bug, around 1,800 ETH were lost, totaling $3.3 million. It was also stated that the hack should only affect users who swapped in the protocol in the past four days.

Grey sprung into action, asking users to revoke permissions for all contracts on the protocol. 

“Sushi’s RouteProcessor2 contract has an approval bug; please revoke approval ASAP. We’re working with security teams to mitigate the issue,” he said on Twitter.


A few hours later, Grey returned to Twitter to announce that a ”large portion of affected funds” had been recovered through a white hat security process.” Adding: “We’ve confirmed recovery of more than 300ETH from CoffeeBabe of Sifu’s stolen funds. We’re in contact with Lido’s team regarding 700 more ETH.”

SEC Keeping Watch

This recent exploit is not positive news for SushiSwap and could impact its reputation in certain circles. The timing is also unfortunate as, despite stating SushiSwap did not “intend to comment publicly on ongoing [SEC] investigations or other legal matters,” Grey commented on the SEC investigation less than 24 hours before the hack.

In a post, Grey admitted that he had received numerous questions from the community since mentioning the SEC subpoena. But, Grey and his counsel describe the investigation as a “non-public, fact-finding inquiry” that doesn’t suggest the SEC has “any negative opinion of any person, entity or asset” related to the DAO

Grey also added that, as they know, no one associated with Sushi has violated U.S. federal security laws.

On the Flipside

  • While Grey was served the subpoena, seeking documents and information relating to Sushi, it is unclear if SushiSwap itself has been served. In the FAQs about the SEC action, Grey said: “We do not know, one way or the other, whether the SEC has purported to serve a subpoena on any other person or entity that it believes represents the Sushi community.”

Why You Should Care

The SEC is at the forefront of crypto regulation news currently. While it serves U.S.-based firms with Wells notices and enforces legal action on them, this is quite the departure from its usual modus operandi.

Read more about SushiSwap’s goals for 2023:
SushiSwap’s Jared Grey Unveils “10x Market Share” Plan.

Read more about how Coinbase is trying to overturn the ban on Tornado Cash:
Coinbase Heads to Court: Still Backing Action to Overturn Tornado Cash Ban.

This article is for information purposes only and should not be considered trading or investment advice. Nothing herein shall be construed as financial, legal, or tax advice. Trading forex, cryptocurrencies, and CFDs pose a considerable risk of loss.

Darryn Pollock

Darryn Pollock is a South African-born, UK-based journalist and content writer for DailyCoin with a focus on regulation and legislation revolving around the cryptocurrency space. He has covered the evolving crypto regulatory space, and examined how the US has approached law-making to offer protection in the growth of innovation. Darryn values traditional journalistic principles of truth, accuracy, independence, fairness, and impartiality, and has a Bachelor of Arts degree in Journalism and Law from Rhodes University in South Africa.