A vulnerability in SushiSwap has resulted in the theft of more than $3.3 million from at least one user. The root cause is a flaw in the RouterProcessor2 contract that enables a third party to “yoink” tokens without the owner’s consent. While more than 2000 addresses on Layer 2 Arbitrum appear to have authorized the faulty contract, 190 Ethereum addresses have approved the problematic contract, according to Block Research Analyst Kevin Peng. Security teams and Sushi are collaborating to resolve the problem.
SushiSwap hacked, Head Chef says ‘revoke all chains’