The SushiSwap team discovered and fixed the vulnerability after withdrawing from the decentralized Protocol from $10,000 to $15,000. The developer of the project 0xMaki told about the exploit.
The developer explained the small amount of damage by saying that the attack consisted of stealing Commission income. Their daily amount does not exceed $20,000 – $30,000.
The attacker made the first microtransaction two or three days ago. On November 29, he put them “on stream.” 0xMaki, in a conversation with the Rekr platform, noted that it took about four hours to find and fix the vulnerability.
SushiSwap will reimburse the damage from the Project Fund. According to the developer, the attack organizer deserved the stolen funds as a reward for identifying the problem.
Post-Mortem when I wake up, exploiter got around 10-15k so far from the 0.05% fees cut of Sushiswap.
LP – xSushi holders are safe!
More soon! https://t.co/QmhNMTP28L
— 0xMaki 源 義経 (@0xMaki) November 29, 2020