DeFi Platform 'Sushiswap' Attacker Foiled by Dev Team's Quick Moves

Despite some rather serious PR issues earlier this year, automated market maker, Sushiswap seems to be making a comeback after the platform managed to fend off an attempted exploitation on Saturday.

CoinTelegraph reported that Sushiswap’s anonymous head developer, who goes by @0xMaki on Twitter, appears to have taken steps to mitigate the alleged exploit attempt.

Another anonymous Twitter user, @Juan_Snow1, wrote that 0xMaki seems to have been in direct communication with the hacker who was attempting to exploit the platform, offering them a bug bounty for the exploit.

Possible @SushiSwap exploit found? @0xMaki sends exploiter a tx with a message to collect bug bounty.

See below 👇

tx with message from 0xMakihttps://t.co/1MdXqw9chq

Exploiters address:https://t.co/ehh7EassCo@DefiantNews pic.twitter.com/fRpdA1j7y1

— JuanSnow (@JuanSnow) November 29, 2020

“I see you, we are working on fixing it. Contact me on Discord for a bug bounty - 0xMaki,” read a message that 0xMaki signed a transaction to the hacker with.

While it is unclear whether or not the attacker accepted the bounty, the Sushiswap Discord channel now reports that the exploit was resolved, and that the $10,000 or $15,000 in user funds that were lost during the exploit will be restored to affected users by the Sushiswap Treasury.

Post-Mortem when I wake up, exploiter got around 10-15k so far from the 0.05% fees cut of Sushiswap.

LP - xSushi holders are safe!

It is a fascinating one thanks @andy8052 @danielque & sushi core devs for the quick reaction and help.

More soon! https://t.co/QmhNMTP28L

— Tokemaki ☢️ 🦇🔊 (@0xMaki) November 29, 2020

What Happened?

@Andy8052, a Sushiswap developer that was named by 0xMaki in the post-mortem report of the attack, told CoinTelegraph that the attacker managed to pull off the exploit by wrapping Liquidity Liquidity The term liquidity refers to the process, speed, and ease of which a given asset or security can be converted into cash. Notably, liquidity surmises a retention in market price, with the most liquid assets representing cash.The most liquid asset of all is cash itself.· In economics, liquidity is defined by how efficiently and quickly an asset can be converted into usable cash without materially affecting its market price. · Nothing is more liquid than cash, while other assets represent The term liquidity refers to the process, speed, and ease of which a given asset or security can be converted into cash. Notably, liquidity surmises a retention in market price, with the most liquid assets representing cash.The most liquid asset of all is cash itself.· In economics, liquidity is defined by how efficiently and quickly an asset can be converted into usable cash without materially affecting its market price. · Nothing is more liquid than cash, while other assets represent Read this Term pool tokens and deploying them to a new pool.

Essentially, the attacker used “really weird logic to pull the underlying tokens from the reward contract,” Andy said.

However, the affected contracts were patched within hours. 0xMaki also said that the auditing firm Peckshield will be reviewing the changes.

@Andy8052 told CoinTelegraph that in spite of Sushiswap’s troubles earlier in the year, he has great faith in the new Sushiswap team.

“They have been heads down working super hard,” he said. “Just look at all the cool stuff they have released and are working on. It definitely doesn't hurt my view of them but also didn't really change much for me personally as I already thought pretty highly of the team.”