{"id":32541,"date":"2020-11-30T09:57:18","date_gmt":"2020-11-30T07:57:18","guid":{"rendered":"https:\/\/forklog.com\/en\/?p=32541"},"modified":"2025-08-28T09:11:50","modified_gmt":"2025-08-28T06:11:50","slug":"defi-protocol-sushiswap-loses-up-to-15000-due-to-vulnerability","status":"publish","type":"post","link":"https:\/\/u1f987.com\/en\/defi-protocol-sushiswap-loses-up-to-15000-due-to-vulnerability\/","title":{"rendered":"DeFi protocol SushiSwap loses up to $15,000 due to vulnerability"},"content":{"rendered":"<p>The SushiSwap team discovered and fixed the vulnerability after withdrawals from the decentralized protocol totaling between $10,000 and $15,000. The exploit was described by the project developer 0xMaki.<\/p>\n<p><!--more--><\/p>\n<blockquote class=\"twitter-tweet\">\n<p dir=\"ltr\" lang=\"en\">Post-Mortem when I wake up, exploiter got around 10-15k so far from the 0.05% fees cut of Sushiswap.<\/p>\n<p>LP \u2014 xSushi holders are safe!<\/p>\n<p>It is a fascinating one thanks <a href=\"https:\/\/twitter.com\/andy8052?ref_src=twsrc%5Etfw\">@andy8052<\/a> <a href=\"https:\/\/twitter.com\/danielque?ref_src=twsrc%5Etfw\">@danielque<\/a> &#038; sushi core devs for the quick reaction and help.<\/p>\n<p>More soon! <a href=\"https:\/\/t.co\/QmhNMTP28L\">https:\/\/t.co\/QmhNMTP28L<\/a><\/p>\n<p>\u2014 0xMaki \u6e90 \u7fa9\u7d4c (@0xMaki) <a href=\"https:\/\/twitter.com\/0xMaki\/status\/1332993111950319618?ref_src=twsrc%5Etfw\">November 29, 2020<\/a><\/p>\n<\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>The attacker explained that the damage was modest because the attack involved stealing commission revenues. The daily amount does not exceed $20,000\u2013$30,000.<\/p>\n<p>The attacker conducted the first microtransaction two to three days ago. On November 29, he began moving them in bulk. In a discussion with the platform <a href=\"https:\/\/rekt.ghost.io\/sushiswap-saved-0xmaki-speaks-out\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Rekr<\/a>, 0xMaki noted that it took about four hours to search for and fix the vulnerability.<\/p>\n<p>SushiSwap will reimburse the damage from the project fund. According to the developer, the attacker earned the stolen funds as a reward for identifying the problem.<\/p>\n<p>Earlier, in September in the SushiSwap governance mechanism <a href=\"https:\/\/u1f987.com\/en\/news\/developer-finds-another-vulnerability-in-sushiswap-protocol\">identified<\/a> a double-spend bug.<\/p>\n<p>Earlier, experts <a href=\"https:\/\/u1f987.com\/en\/news\/experts-identify-ten-vulnerabilities-in-sushiswap-protocol\">identified<\/a> ten vulnerabilities in the protocol, one of which could have led to transfers to any address.<\/p>\n<p>Follow ForkLog\u2019s news on Facebook!<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The SushiSwap team discovered and fixed the vulnerability after withdrawals from the decentralized protocol totaling between $10,000 and $15,000. The exploit was described by the project developer 0xMaki.<\/p>\n","protected":false},"author":1,"featured_media":32542,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"select":"1","news_style_id":"","cryptorium_level":"","_short_excerpt_text":"","creation_source":"","_metatest_mainpost_news_update":false,"footnotes":""},"categories":[3],"tags":[1301,1093,1379],"class_list":["post-32541","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-analysis","tag-blockchain-vulnerabilities","tag-defi","tag-sushiswap"],"aioseo_notices":[],"amp_enabled":true,"views":"26","promo_type":"1","layout_type":"","short_excerpt":"","is_update":"","_links":{"self":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/32541","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/comments?post=32541"}],"version-history":[{"count":1,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/32541\/revisions"}],"predecessor-version":[{"id":32543,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/32541\/revisions\/32543"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/media\/32542"}],"wp:attachment":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/media?parent=32541"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/categories?post=32541"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/tags?post=32541"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}