Entries related to SushiSwap

April 4, 2024

SushiSwap team votes to give themselves control of much of the "decentralized" project's treasury

The leadership team behind SushiSwap, a popular defi platform, submitted proposals for a DAO governance vote that would transfer control of around $40 million from the DAO to a small centralized organization called "Sushi Labs". That organization would also receive all future airdrops awarded to SushiSwap. According to the proposal, this was motivated by a desire for efficiency and faster development.

The "yes" votes are currently in the lead with a 63% margin. The most yes votes came from sushigov.eth, the official SushiSwap team address, which also created the proposal. It is the first time that address has ever participated in a governance proposal.

The 5.5 million yes votes from the team wallet, plus another 3.1 million delegated from other community members, were enough to push the vote to majority support. A former SushiSwap contributor has also alleged that the SushiSwap team was manipulating the vote with additional wallets.

On Twitter, Sushi's "Head Chef" claimed that he had consulted with lawyers and then authorized the voting activity out of fear of an "extortative [sic] governance attack attempt".

"SushiSwap Community Cries Foul Over Vote to Centralize $53M Treasury", Decrypt [archive]
"SushiSwap team treasury takeover looks likely despite heated debate", Cointelegraph [archive]
Tweet by Jared Grey [archive]

April 8, 2023

0xSifu loses more than $2.7 million to SushiSwap hack

(attribution)

0xSifu, also known as Michael Patryn, also known as Omar Dahani, is the once-pseudonymous chief developer of the Wonderland protocol. His identity was discovered by zachxbt in January 2022, when the crypto sleuth revealed that "0xSifu" was Patryn, a man with a history of financial crimes who was previously involved with QuadrigaCX, an exchange which lost over $150 million in customer funds in 2018.

Today, Sifu himself was the victim of a theft as a bug in the SushiSwap decentralized exchange allowed a hacker to make off with around 1,800 ETH (more than $3.3 million) belonging to him. According to SushiSwap leader Jared Grey, around 300 ETH (~$557,000) of Sifu's funds were subsequently recovered.

Analysts have found that almost 200 addresses on the Ethereum network have approved the vulnerable contract, and around 2,000 addresses approved the vulnerable contract on Arbitrum, Polygon, and other chains. It's not yet clear how much was stolen in total. SushiSwap leader Grey urged users via Twitter to revoke approval for the vulnerable smart contract.

September 17, 2021

Supply chain attack drains $3 million from SushiSwap

A retro-looking website titled "JAY PEGS AUTO MART". There are buttons for "MINT' DONA" and "BIG OCEAN", and gifs of wacky inflatable tubes at the bottom.

Jay Pegs Auto Mart website (attribution)

SushiSwap's token platform, Miso, was hit with a supply chain attack that landed the attacker more than $3 million worth of Ethereum. Malicious code was injected into the platform's frontend by a contractor who submitted a pull request. The attacker was able to target a car-themed NFT auction called "Jay Pegs Auto Mart". However, the team discovered the identity of the attacker and the funds were returned after some legal threats.

"Inside the Hunt for the Jay Pegs Auto Mart Thief and 865 ETH", The Defiant
Another DeFi Hack: $3M in ETH Stolen From SushiSwap’s Token Platform, CryptoPotato
"$3M Was Stolen, but the Real Steal Is These Kia Sedonas, Say Anonymous Developers", Coindesk

No JavaScript? That's cool too! Check out the Web 1.0 version of the site to see more entries.