SushiSwap Falls Prey to ‘Scavenger’ Attack as Hacker Turns 0.001 ETH to 81.68 ETH

SushiSwap, a popular DEX protocol, was on the receiving end of what many called another rug pull attack, via the Badger DAO token DIGG. The transaction that caught everyone’s eye attempted to convert 0.05% of the DIGG/WBTC swap fees (for ~24hrs) through a DIGG/ETH pool with little liquidity and high slippage, resulting in outsized fees for the liquidity providers of the DIGG/ETH pool.

The attacker exploited a loophole involving a low-liquidity pool with a non-ETH pair, where the trading fee that was supposed to go to the stakers on the network went to the attacker instead. The attacker used the loophole to create a new pair with a low-liquidity pool, resulting in a high transaction fee, and that fee was taken by the exploiter in the absence of a bridge that would send the fee to the stakers.

Fortunately, no underlying LP or xSUSHI positions were affected; only the earnings for the affected asset (0.05% fees for DIGG/WBTC swaps — 81 ETH) from the previous day were lost.

A bridge has been set up for DIGG through the maker contract to resolve this issue for xSUSHI participants. This bridge is also included in SushiMaker.
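The slippage effect described above can be reproduced with constant-product (x*y=k) pool math. This is an added example, not SushiSwap or SushiMaker code: the reserves, the WBTC bridge route, and the `guarded_convert` price-impact check are assumptions chosen for illustration.

```python
# Constant-product (x*y=k) swap math as used by Uniswap-V2-style pools.
# All reserves below are constructed sample values, not on-chain data.

FEE_NUM, FEE_DEN = 997, 1000  # 0.3% pool fee


def amount_out(amount_in, reserve_in, reserve_out):
    """Output of a swap against a constant-product pool."""
    in_with_fee = amount_in * FEE_NUM
    return in_with_fee * reserve_out / (reserve_in * FEE_DEN + in_with_fee)


def price_impact(amount_in, reserve_in, reserve_out):
    """Fraction of value lost relative to the pool's spot price."""
    ideal = amount_in * reserve_out / reserve_in
    return 1 - amount_out(amount_in, reserve_in, reserve_out) / ideal


def route_out(amount_in, hops):
    """Chain a swap through pools: hops = [(reserve_in, reserve_out), ...]."""
    for r_in, r_out in hops:
        amount_in = amount_out(amount_in, r_in, r_out)
    return amount_in


def guarded_convert(amount_in, hops, max_impact=0.02):
    """Hypothetical guard: refuse if any hop moves the price more than max_impact."""
    amt = amount_in
    for r_in, r_out in hops:
        impact = price_impact(amt, r_in, r_out)
        if impact > max_impact:
            raise ValueError(f"price impact {impact:.1%} exceeds {max_impact:.0%}")
        amt = amount_out(amt, r_in, r_out)
    return amt


# Constructed pools (hypothetical): 1 DIGG ~ 1 WBTC ~ 30 ETH at spot price.
THIN_DIGG_ETH = [(0.1, 3.0)]                    # direct pair, almost no liquidity
BRIDGED = [(500.0, 500.0), (2000.0, 60000.0)]   # DIGG->WBTC, then WBTC->ETH
FEES_DIGG = 2.0                                 # accumulated fees to convert

direct = route_out(FEES_DIGG, THIN_DIGG_ETH)    # ~2.86 ETH out of ~60 ETH of value
bridged = route_out(FEES_DIGG, BRIDGED)         # ~59.3 ETH via the deep pools
```

With these sample numbers the direct route returns under 5% of the fee value, and the remainder stays in the thin pool for whoever holds its liquidity; the bridged route keeps each hop under 1% price impact.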

A Major Mishap or a Minor Loophole?

A DeFi expert on Twitter revealed that the attack was not a major setback or even a rug pull, but rather more of a scavenger hunt.

He explained,

After researching further, we found that although there had been an exploit, the damage had already been contained, and what had been perceived as a threat to the entire SushiSwap protocol was simply a smart scavenger picking up food that had been left behind.

What many perceived to be another attack on the whole network turned out to be a minor mistake by the Sushi team, who have now contained the problem and closed the loophole by creating the bridge for the DIGG token.

Originally published at on January 27, 2021.



