A pseudonymous cryptocurrency pentester, known for their white hat hacking activities, found themselves in a race against time and malicious bots after identifying a vulnerability in SushiSwap’s RouterProcessor2 contract.
The hacker managed to secure 100 ethereum (ETH) of the affected funds before malicious bots copied the attack, leading to a loss of over $3.3m (approximately 1800 ETH). The hacker, whose identity remains anonymous, tweeted today that they had successfully “white-hacked” 0xSifu for 100 ETH and were willing to return the funds if contacted. He was later thanked by Sifu in a tweet for the restitution.
However, their attempt to protect the platform was thwarted by the swift actions of miner-extractable value (MEV) bots, which deployed contracts and replicated the attack before the vulnerability could be fully addressed.
Miner Extractable Value (MEV) bots are automated programs designed to exploit opportunities for profit within blockchain networks, specifically within the Ethereum ecosystem. These bots take advantage of the inherent design of decentralized networks, where miners are responsible for validating and ordering transactions within blocks. MEV bots seek to capitalize on the power miners have in choosing which transactions to include in a block and the order in which they are placed.
The primary focus of MEV bots is to identify and act on profitable opportunities, such as frontrunning, backrunning, arbitrage and sandwich attacks. These strategies allow MEV bots to profit from the knowledge of pending transactions by manipulating their placement within the block. WhenTrust was asked why he did not just warn Sifu instead, he wrote:
“I wasn’t aware of how ridiculously advanced MEV bots are (rebuilt 3 TXs), I thought every second matters, and wanted to white-hack a bunch more addresses.”
The question seemingly hinted at the cybersecurity principle of responsible disclosure. Responsible disclosure is a principle within the cybersecurity community that emphasizes the ethical reporting of discovered vulnerabilities in software or systems to the respective developers or vendors before making the information public. The primary goal of responsible disclosure is to provide the affected party an opportunity to address and fix the vulnerability, thus minimizing the risk of exploitation by malicious actors.
In the context of cryptocurrencies and blockchain technology, preemptive hacking to secure funds in a vulnerable position might not be a favorable option due to the public nature of crypto transactions. On decentralized networks, transaction data is transparent and accessible to all participants.
This openness enables bad actors to observe and imitate such transactions. Consequently preemptive hacking is only reasonable when all vulnerable funds can be secured quickly enough, preventing bad actors from replicating the attack in time.
Crypto cybersecurity firm PeckShield weighed in on the situation, revealing that the RouterProcessor2 contract on SushiSwap had an approve-related bug that led to the substantial loss from 0xSifu. The firm urged users who had approved the contract to revoke their approval as soon as possible, providing a link to the contract’s address on Etherscan.
Jared Grey, SushiSwap’s head developer, confirmed the presence of the approval bug in the RouterProcessor2 contract via a tweet. He urged users to revoke their approval immediately and assured them that the platform’s security teams were working on mitigating the issue. Grey also reported that a significant portion of the affected funds had been secured through a white hat security process.
In a follow-up tweet, Grey announced the recovery of more than 300 ETH from CoffeeBabe, a user who had managed to recover some of the stolen funds. SushiSwap is also in contact with Lido’s team to secure an additional 700 ETH.
This incident highlights the ever-evolving landscape of cryptocurrency security, where white hat hackers work to protect platforms and assets, but malicious actors remain a constant threat. It also underscores the need for heightened security measures and collaboration between platforms and white hat hackers to address vulnerabilities and minimize losses.
