The team of decentralized exchange SushiSwap has discovered a vulnerability in the RouteProcessor2 smart contract, which is used to route trading.
The head of the platform, Jared Grey, has recommended that approvals on all blockchains be withdrawn.
Subscribe to our Telegram channel to get daily short digests about events that shape the crypto world
He has said:
"Sushi's RouteProcessor2 contract has an approval bug; please revoke approval ASAP. We're working with security teams to mitigate the issue."
According to PeckShield, Michael Patryn, co-founder of bankrupt Canadian exchange QuadrigaCX, has lost around 1,800 ETH as a result of the attack.
Access more than 50 of the world's financial markets directly from your EXANTE account – including NASDAQ, London Stock Exchange and Tokyo Stock Exchange
A Twitter user with the moniker Trust (presumably a white hacker) has claimed he allegedly discovered the vulnerability first and withdrew 100 ETH belonging to Patryn, intending to return it to its rightful owner later. However, the unknown hacker traced the attack vector and repeated the attack.