Security & Audits
Share
As per security reports shared on Twitter by CertiK Alert and Peckshield, a bug in the Router Processor 2 contract of the SushiSwap decentralized finance (DeFi) protocol caused losses of more than $3 million on April 9.
This bug pertained to the approval function of the contract, which is responsible for combining trade liquidity from several sources to determine the best coin swapping price. Within a short span, the bug led to a loss of $3.3 million.
Pseudonymous developer 0xngmi from DefiLlama has stated that only those users who conducted swaps through the protocol in the last four days are likely to be affected by the hack.
Jared Grey, the head developer of Sushi, has advised users to withdraw permissions for all contracts on the protocol immediately. To tackle the issue, a GitHub list of contracts using various blockchains has been created to facilitate revocation.
Jared Grey has also mentioned that they are working with security teams to mitigate the impact of the approval bug on Sushi's RouteProcessor2 contract.
Disclaimer of Warranty
The information provided in this article is for general informational purposes only. We make no warranties about the completeness, reliability, and accuracy of this information. Read full disclaimer
Shortly after the event, Grey used Twitter to inform everyone that a considerable amount of the affected funds had been recovered via a security process that involved ethical hackers.
Specifically, they were able to retrieve over 300 ETH from CoffeeBabe, who had obtained the funds from Sifu's stolen funds. Grey also mentioned that they were in contact with Lido's team about 700 more ETH.
Over the weekend of April 8th, the Sushi community experienced a highly intense period. Grey and his legal team provided comments about the recent subpoena from the Securities and Exchange Commission (SEC).
Grey stated that the SEC is currently conducting a non-public investigation to determine if there have been any breaches of the federal securities laws. However, as of that time, the SEC had not made any conclusions that anyone connected with Sushi had violated US federal securities laws. Grey emphasized that he was cooperating with the SEC's investigation.
It is important to note that on March 21, a legal defense fund was proposed on Sushi's governance forum in response to the subpoena.
Related Articles
Editor's Picks
UAE Stablecoins: Why They Are Built to Travel, Not Stay Local
Walid Abou Zaki
Feb 28, 2026
8 min
The Central Bank of the UAE Clearing the Noise Around Article 62
Walid Abou Zaki
Feb 25, 2026
5 min
Europe’s Crypto Purge: Did Lithuania Just Kick Out Innovation — and is the UAE the Beneficiary?
Salma Naueihed
Feb 18, 2026
7 min
Read More Articles
In the Same Space
Apex Group targets $100B in tokenized assets with T-REX Ledger
News Desk
Mar 19, 2026
5 min
Polymarket acquires Brahma to strengthen onchain infrastructure
News Desk
Mar 19, 2026
4 min
Flow Traders launches 24/7 OTC liquidity for tokenized assets
News Desk
Mar 19, 2026
3 min
Evernorth files to go public via SPAC with $1B XRP treasury
News Desk
Mar 19, 2026
2 min
