It should be noted that cryptocurrency hackers and scammers were less active in the first quarter of 2023. Specifically, they received the equivalent of $452 million from their victims, which was almost three times less than the corresponding result in 2022. At that time, hackers “earned” the equivalent of more than $1.3 billion.

And it was decentralized platforms that turned out to be the biggest target for fraudsters. They brought them 74 percent of the total amount of stolen assets.

It seems that this statistic will continue to grow in the second quarter of this year. It’s all due to the hackers’ successful activity in interacting with the decentralized exchange SushiSwap.

How was SushiSwap hacked?

According to DefiLlama developer 0xngmi, the incident threatened wallet holders who interacted with the decentralised platform for days before the hack.


Why are users who interacted with the exchange the day before at risk? It's due to the permissions that users give to the exchange's smart contract before interacting with it. In the case of decentralised exchanges, the user has to allow the relevant smart contract to send coins from their wallet, which is necessary for transactions to take place. This means that the involvement of fraudulent programmers can lead to the theft of crypto-assets of people who have previously agreed to the terms of engagement with the platform.

In such situations, it is necessary to revoke the permissions granted to the compromised platform. This can be done unilaterally. For example, on the Etherium network, a special Revoke.cash platform allows to revoke permissions.


If you find yourself among those who have confirmed transactions with a smart contract through a link, revoke the approval of the transfers immediately. According to Cointelegraph sources, this was also reported by the platform’s chief developer Jared Gray.

As a result of the vulnerability, co-founder of bankrupt Canadian exchange QuadrigaCX Michael Patrin (0xsifu) lost about 1,800 ETH, which is about $3.3 million at the coin’s exchange rate at the time of the problems.

A cryptocurrency enthusiast under the Twitter handle Trust said that he was the first to discover the vulnerability, withdrew 100 ETH belonging to Patrin and tried to notify him of the incident. However, the attackers traced the attack vector and repeated it, which only resulted in more losses. Trust itself is allegedly a white collar hacker, that is, someone who uses the vulnerabilities found to hack the platform and then return the crypto-assets to their owners. This is to ensure that the coins are not similarly accessed by full-fledged hackers, who will not return the stolen money.

A few hours after the incident, Gray tweeted that “most of the funds” had been returned. Experts are currently working to recover the remaining 700 ETH.

???? YOU CAN FIND MORE INTERESTING STUFF ON US AT YANDEX.DEN!

All in all, the last weekend for the SushiSwap community was a really eventful one, and not just because of the hack. On Saturday, Jared Gray also announced that he had been served a subpoena by the US Securities and Exchange Commission (SEC) in March demanding more information and documents about the SushiSwap platform. The developer noted that further action by the regulator remains unknown. Here is the relevant quote.

We do not know one way or the other whether the Commission tried to serve a subpoena to any other person or entity it believes represents the SushiSwap community.


Note that the day before, the US Treasury Department released a report on the decentralised finance industry. It noted that DeFi-platforms that do not comply with anti-money laundering and other financial crimes are a risk to the traditional economy. Accordingly, such platforms could also be in the crosshairs of regulators next.


Gray and his lawyers have assured the community that the investigation does not involve any wrongdoing. Here is the relevant rejoinder.

The investigation does not imply that the SEC has concluded that Jared, his employer Internet Three Software Company or Sushi broke any law. Nor does the investigation mean that the regulator has a negative opinion of any person, organisation or asset.

Such news does, however, look alarming against the background of past actions by the Commission. Still, the Commission has previously banned steaking on the Kraken platform for US customers, as well as the issuance of BUSD steblecoin by Paxos. In addition, the regulator has threatened legal action against Coinbase, the largest US cryptocurrency exchange.

While there’s allegedly no threat to Sushi so far, that doesn’t mean the regulator won’t take more drastic action in the future. For now, it is pushing hard on the crypto industry, so amid such concerns, the value of this ecosystem’s altcoin could also be at risk.


Situations like this show that cryptocurrency users are better off regularly withdrawing approvals from smart contracts they are no longer interacting with. This will ensure that they do not have to worry about the consequences of a possible hack and secure their own coins. It's also safer to keep the bulk of your cryptocurrencies on a hardware wallet so that they are extra secure. As a reminder, hardware wallets sign transactions off the Internet, so they do not expose private keys. This prevents hackers from accessing and emptying the address.


Follow developments in our cryptochat. That way you won’t miss out on more interesting news from the world of decentralised assets and finance.