SushiSwap releases plan to return user funds stolen in $3.3M hack
SushiSwap will refund the funds recovered after the hack, and also compensate users whose funds are still under the hackers' control.
SushiSwap — which suffered a hack over the weekend — has released a plan to return funds to all affected users.
According to the decentralized exchange, user funds were either “swept by whitehat security teams” or “lost to blackhat hackers.” If the funds are in the whitehat contract, it means the security teams recovered the funds, and users will be able to claim them. SushiSwap will build a Merkle Claim contract to return the recovered funds to user wallets.
However, for funds stuck on the Blackhat contract, users will have to wait longer for a refund. This is because the decentralized exchange has to manually verify the legitimacy of each claim through on-chain data analysis on a claim-by-claim basis and pay it out accordingly.
The decentralized exchange noted that users who did not interact with the protocol over the past 10 days are likely unaffected by the hack. Nonetheless, the team urged users to check their approvals as a security measure.
On April 9, SushiSwap was exploited through an approve-related bug on its RouterProcessor2 contract. Users who approved the vulnerable contract had their assets stolen — leading to a total loss of around $3.3 million.
One of the attackers returned 90 ETH stolen in the attack, while security firm BlockSec recovered another 100 ETH.