BREAKING: Sushi DeFi Security Breach: CTO Sounds Alarm, SUSHI Price Drops 4%

In a significant blow to the decentralized finance (DeFi) sector, the Sushi DeFi protocol has fallen victim to its second exploit this year.

The protocol’s Chief Technology Officer (CTO), Matthew Lilley, has issued a stark warning to users, advising them to refrain from using any decentralized applications (dApps) until further notice.

Sushi And Zapper Frontends Compromised

The latest breach has prompted concerns about the security and integrity of the Sushi DeFi protocol and other associated dApps. According to Lilley, a widely-used web3 connector has been compromised, allowing malicious code injection that affects numerous dApps. 

Specifically, dApps that use the LedgerHQ/connect-kit, a dApp that allows users to connect other dApps to their Ledger hardware wallets, are considered vulnerable. Notably, Lilley’s warning underscores the severity of the situation, emphasizing that this is not an isolated attack, but a large-scale assault targeting multiple dApps.

Further investigation by security experts has revealed a potential supply chain attack on the ledger connect kit. The attacker allegedly successfully injected a wallet-draining payload into the popular Node Package Manager (NPM), impacting several prominent dApps, including Hey and others. 

Additionally, it has been discovered that the Zapper and Sushi frontends have been hijacked, exacerbating the scope of the breach.

Slowmist, a module of Ledger, further confirmed that their system was hijacked and tampered with during the supply chain attack. This compromised the integrity of the ledgerhq/connect-kit library, which is relied upon by many dApps. 

As a result, users are urged to exercise caution when conducting any dApp-related operations and to scrutinize requests for wallet information that may appear unexpected.
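For teams that ship a dApp frontend, a first triage step is to find out whether the build pulls in the library at all, directly or through another dependency. The following is an added example, not code from Ledger, Sushi or the original article. It walks an npm `package-lock.json` (the `packages` map of lockfile versions 2 and 3) and lists every installed copy of `@ledgerhq/connect-kit`. The sample lockfile, the `example-wallet-ui` package, and the version numbers and hashes are constructed placeholders, and the blocked-version list is assumed to come from the vendor's advisory.

```javascript
// Constructed sample in npm's lockfileVersion 3 layout. Package names other than
// @ledgerhq/connect-kit, and all versions and hashes, are made up for illustration.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { dependencies: { "example-wallet-ui": "^2.0.0" } },
    "node_modules/example-wallet-ui": { version: "2.1.0", integrity: "sha512-AAAA" },
    "node_modules/example-wallet-ui/node_modules/@ledgerhq/connect-kit": {
      version: "9.9.1",
      resolved: "https://registry.example/connect-kit-9.9.1.tgz",
      integrity: "sha512-BBBB",
    },
    // A second, hoisted copy with no integrity hash recorded.
    "node_modules/@ledgerhq/connect-kit": { version: "9.9.0" },
  },
};

// Report every installed copy of `pkgName`, including copies nested under
// other dependencies. `blockedVersions` is supplied by the caller.
function auditLock(lock, pkgName, blockedVersions = []) {
  const suffix = "node_modules/" + pkgName;
  const findings = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    // Exact match on the last path component, so "connect-kit-loader" is not hit.
    if (path !== suffix && !path.endsWith("/" + suffix)) continue;
    const parent = path
      .slice(0, path.length - suffix.length)
      .replace(/^node_modules\//, "")
      .replace(/\/$/, "");
    findings.push({
      path,
      via: parent ? parent.split("/node_modules/").join(" > ") : "(top level)",
      version: meta.version,
      blocked: blockedVersions.includes(meta.version),
      hasIntegrity: Boolean(meta.integrity), // false: tarball hash is not pinned
    });
  }
  return findings;
}

console.log(auditLock(SAMPLE_LOCK, "@ledgerhq/connect-kit", ["9.9.1"]));
```

A lockfile audit only covers code installed at build time; scripts fetched by the page at runtime need a separate check.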

Malicious Connect Kit Neutralized? 

In an official statement, Ledger has confirmed the identification and removal of a malicious version of the Ledger Connect Kit. The company assures users that their Ledger devices and Ledger Live remain uncompromised. 

The company stated that a genuine version of the Connect Kit is currently being pushed to replace the malicious file. Ledger advises users to refrain from interacting with any dApps at the moment for their safety. 

The company pledges to provide updates as the situation develops, ensuring users stay informed about the ongoing efforts to address the security breach.

SUSHI’s Uptrend Threatened By Exploit Fallout

In light of recent events affecting the Sushi DeFi protocol, its native token, SUSHI, has experienced a decline of over 4% within the past hour, reaching a low of $1.590. 


Before the exploit, SUSHI had been exhibiting a notable uptrend structure on its 1-day chart, marked by higher highs and higher lows. However, with the loss of its crucial support level at $1.961, there is a potential invalidation of the previously established uptrend. 

The uncertainty surrounding the protocol’s native token raises the possibility of further downside in SUSHI’s price action. If a sustained downtrend continues, the next significant support level for SUSHI is located at $1.084. 


Here’s Why SUSHI Is Down More Than 10% In The Last 24 Hours

Over the last day, the price of SUSHI, the native cryptocurrency of the SushiSwap ecosystem, has been on the decline. However, this was not just a normal market decline and was tied to rumors that have been circulating in connection to its new ‘Head Chef’ Jared Grey’s conduct in the past and inappropriate sexual conduct with a… horse.

Accused Of Running Scams

A little over a week ago, the SushiSwap decentralized finance (DeFi) protocol appointed Jared Grey as its new head chef. All was fine for a while until the rumors started to emerge. In a thread, a Twitter user called out Grey over some of his previous projects.

The thread alleged that Grey had orchestrated various scams in the space under his company called “Multiplex PC” and had stolen crypto from investors. The account known as YannickCrypto pointed out that Grey had previously been the CEO of ALQO, which had been used to steal user funds. Apparently, the ALQO team had launched a web wallet which had then been used to steal a large supply of ALQO from investors.

The accusations did not end there because Yannick alleges that Grey had taken the scam further. Apparently, ALQO had subsequently been moved to the Ethereum blockchain and then renamed to EONS to make it impossible to trace back to ALQO.

Another scam Grey is accused of involves a crypto exchange, Bitfineon, that was promoted but never went live. The Twitter user explained that Grey had charged coin founders a 1 BTC listing fee for Bitfineon and stole about 20 BTC from founders this way.

Then there were the less unsavory rumors that Jared Grey had been involved in inappropriate sexual conduct with a horse. In true crypto fashion, this last rumor garnered the most interest and has since caused the price of SUSHI to dump.

SUSHI price falls 10% in 24 hours | Source: SUSHIUSD on TradingView.com

SUSHI Takes The Heat

Since the thread and the rumors began circulating, the price of SUSHI has taken a big hit in the market. The price had declined by more than 10% once the rumors were in full bloom, pushing the price of the digital asset down to $1.2 at this time.

SushiSwap Head Chef Jared Grey had then taken to Twitter to dismiss the rumors which he referred to as “baseless accusations.” He denied ever stealing funds from investors and instead said that his business partner had been the one who had actually stolen the funds. 

“I have always operated with integrity in this space; you can reach out to anyone I’ve worked with directly over the years,” said Grey. “I’ve had business failures, which CT likes to scrutinize, and I’m OK with that because it comes with the territory.”


SushiSwap Kicks Off Climb, Why This 40% Rally Is Just Getting Heated

Up 57% in two weeks and 40% in 30 days, SushiSwap (SUSHI) moves at its own beat. The decentralized finance (DeFi) token trends to the upside on the back of a potential integration with Stargate, the LayerZero implementation.


At the time of writing, SUSHI trades at $4.80 with a 14% profit in 24 hours.

SUSHI with small gains on the 4-hour chart. Source: SUSHIUSDT Tradingview

LayerZero is a communication protocol that enables direct interaction between different blockchains. Stargate is a bridge solution running on top of it.

By integrating with SushiSwap, the decentralized exchange (DEX) could unify the liquidity spread across its 16 different versions. In that way, users would access cheaper cross-chain transactions, more security, new products and investment strategies.

If the integration is approved, for example, liquidity providers on this DEX could expand their rewards. Instead of receiving a portion of the transaction fees for 1 liquidity pool running on Ethereum, they could collect rewards from all the pools across the SushiSwap ecosystem.

The voting process that will accept or deny this potential integration has begun. According to data provided by the DEX’s governance, the voting will end on April 4, 2022.

Currently, a majority of SUSHI holders have voted yes on the proposal with 6.4 million of the token at the time of the snapshot. This represents 99.99% of the votes so far, which suggests overwhelming support for this proposal.

The proposal was presented by Tangle and OxMaki and promises to provide a better user experience for cross chain swaps, maximize trading volumes on Sushi pools, and more benefits to the DEX’s treasury. The proponents wrote:

We propose to have Sushi integrate Stargate to facilitate Omnichain native asset swaps and transfers between networks. This will help unlock the power of Sushi by allowing users to move freely between assets and networks.

SushiSwap Signals More Gains

The DEX and its native token seem to be reacting to this announcement. A pseudonymous analyst caught the move to SUSHI’s current levels based on a downtrend break on the daily chart in on-balance volume (OBV), a metric used to measure momentum.

As seen below, the analyst believes SUSHI could reach as much as $6 if the token is able to sustain its current momentum. With the apparent imminent approval of the Stargate integration proposal, a continuation of the upward trends seems likely.

$SUSHI – Nice looking setup with a downtrend break on OBV with confluence with a double bullish supertrend. pic.twitter.com/GqyKDeaUO4

— IncomeSharks (@IncomeSharks) March 30, 2022

Additional data provided by Material Indicators (MI) suggests investors with bid orders between $100,000 are dominating the current price action. While this investor class remains optimistic, smaller investors have been selling into this SUSHI rally.

Large investors (purple) buy as retail (yellow) and smaller investors (green and red) sell this SUSHI rally. Source: Material Indicators.

Why SushiSwap’s 15% Gain Could Be The Beginning Of An Uptrend

Decentralized exchange (DEX) running on multiple networks, SushiSwap (SUSHI) currently moves in tandem with the general sentiment in the market. The token approached the $4 price point but started trending to the downside as Bitcoin was rejected above $45,000.


As of press time, SushiSwap trades at $3.5 with a 1.5% loss in the last 24-hours.

SUSHI moving sideways on the 4-hour chart. Source: SUSHIUSDT Tradingview

SUSHI holders could benefit from a long-term bullish trend. Recently, developer 0xMaki shared a proposal to integrate SushiSwap with LayerZero via their first omnichain application called Stargate Finance.

LayerZero is a decentralized cross-chain solution to integrate multiple blockchains. The protocol allows the network to interact and communicate without a third party or token.

In that way, for SushiSwap, LayerZero and Stargate remove friction from the process of swapping tokens from a native chain to an alternative blockchain. The developer explained:

LayerZero, and is an Omnichain asset transfer protocol that leverages the Delta Δ Algorithm to solve the bridging trilemma:

Instant Guaranteed Finality: the guarantee of funds on the destination chain when a transaction is successfully committed on the source chain.

Unified Liquidity: the shared access of a single liquidity pool between multiple chains.

Native Assets: the user-desired assets (native or most liquid synthetic) on the destination chain.

SushiSwap has been released on multiple blockchains, and with LayerZero and its Stargate application, the protocol could combine all its liquidity without a single point of failure.

This means the different versions of the DEX on Ethereum, Polygon, Binance Smart Chain, Fantom, and others could launch unified cross-chain strategies and merge their total value locked.

According to 0xMaki’s proposal, an integration with Stargate would “facilitate” the transfer and swapping of tokens between native assets. In that way, SushiSwap could see its potential “unlock” and provide users with an improved experience to perform cross-chain trading, new strategies, and increase liquidity across SUSHI pools.

SushiSwap Goes Beyond One Single Blockchain

In addition to these features, Stargate facilitates transactions by tracking the user’s gas reserves. As the developer explained, the application can move gas between different blockchains to enable a transaction. 0xMaki added:

This eliminates the pains and struggles of trying to find a gas faucet, requesting gas from another user, or trusting that a User Application will send you enough gas after transferring.

Stargate and its native token STG have attracted the attention of major players in the crypto space. Sam Trabucco, CEO at Alameda Research, expressed the firm’s long-term bullish thesis for STG.

The firm participated in STG’s recent auction where they “bought all the tokens”. The assets will be kept under lock for at least 3 years.

The cross-chain asset management opens up a wide array of possible DeFi use cases, makes capital allocation for firms like Alameda more seamless, and aids in making the crypto markets more efficient — among many other benefits @StargateFinance is creating.

— Sam Trabucco (@AlamedaTrabucco) March 22, 2022

STG was recently launched on crypto exchange FTX via the spot market. Once the product was deployed, the token saw an increase in volatility and has been trending downwards in the last hour with a 128% profit in the past week.

How A Whitehat Hacker Saved 109K ETH On SushiSwap-Based Contract

White hat hacker Samczsun from investment firm Paradigm reported what could be one of the biggest rescues ever on the SushiSwap protocol, the Ethereum ecosystem, and maybe the entire internet.

Just pulled off maybe the biggest whitehat rescue ever. Story time soon 🔥

— samczsun (@samczsun) August 17, 2021

Samczsun claimed in a post that he found and helped patch a vulnerability that was threatening over $350 million, or 109,000 ETH, in a SushiSwap-based contract on its MISO platform. The white hat hacker reviewed the contract after he found there was a new auction taking place on the platform.

MISO uses two types of auctions: Dutch and batch. While Samczsun was reviewing the DutchAuction contract, the white hat hacker found that the functions initMarket and initAuction lacked access controls. This was “extremely concerning”.

I didn’t really expect this to be a vulnerability though, since I didn’t expect the Sushi team to make such an obvious misstep. Sure enough, the initAccessControls function validated that the contract had not already been initialized.

Samczsun said that the above, combined with the contract’s use of a mixin library called BoringBatchable, made it more suspicious. The hacker recognized the ingredients that led to an attack on another platform during 2020.

Thus, Samczsun was able to identify that SushiSwap was in danger. If exploited, the vulnerability would allow a bad actor to reuse a fixed amount of ETH to batch multiple calls to the contract. This would effectively allow the attacker to “bid in the auction for free”.

While processing token payments involved a separate transferFrom call for each loop iteration, processing ETH payments simply checked whether msg.value was sufficient. This allowed the attacker to reuse the same ETH multiple times.

Fixing A Multi-Million Dollar Bug On SushiSwap

In addition to free bids, a bad actor could steal the funds on the SushiSwap contract by triggering a refund. The attacker would only have had to send a higher amount of ETH than the auction hard cap. Samczsun said:

This applied even once the hard cap was hit, meaning that instead of rejecting the transaction altogether, the contract would simply refund all of your ETH instead.
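The accounting flaw described above, and one way to close it, modeled as an added example; this is a constructed JavaScript model, not the MISO Solidity code or code from Samczsun's post. The class and function names, the amounts, and the hardened rule (refusing to hand one non-zero `msg.value` to several batched calls) are assumptions made for illustration. The `isSolvent` invariant is the kind of check a test suite or monitor can assert after every transaction.

```javascript
// Constructed model of the accounting flaw; it is not the MISO Solidity code.
// Amounts are whole ETH. `committed` seeds bids already paid by other users.
class AuctionModel {
  constructor(hardCap, committed = 0) {
    this.hardCap = hardCap;
    this.total = committed;    // sum of credited commitments
    this.balance = committed;  // ETH the contract actually holds
    this.credited = new Map(); // bidder -> credited commitment
  }

  // One bid; `msgValue` stands in for msg.value. Returns the refund paid out.
  commitEth(bidder, msgValue) {
    const accepted = Math.min(msgValue, this.hardCap - this.total);
    const refund = msgValue - accepted; // anything above the hard cap
    this.total += accepted;
    this.credited.set(bidder, (this.credited.get(bidder) || 0) + accepted);
    this.balance -= refund;             // the refund leaves the contract
    return refund;
  }

  // Invariant: every credited ETH is backed by ETH the contract holds.
  isSolvent() {
    return this.balance >= this.total;
  }
}

// One transaction carrying `msgValue` that batches `calls` bids.
// The ETH arrives once, yet every batched call observes the same msg.value.
function runBatch(auction, bidder, msgValue, calls, { hardened = false } = {}) {
  // Assumed mitigation: refuse to hand one non-zero msg.value to several calls.
  if (hardened && msgValue > 0 && calls > 1) {
    throw new Error("revert: msg.value reused across batched calls");
  }
  auction.balance += msgValue;
  let refunded = 0;
  for (let i = 0; i < calls; i++) refunded += auction.commitEth(bidder, msgValue);
  return {
    credited: auction.credited.get(bidder) || 0,
    refunded,
    solvent: auction.isSolvent(),
  };
}

// Case 1: open auction, 10 ETH sent once, 5 batched bids.
function freeBidCase(hardened) {
  return runBatch(new AuctionModel(100), "bidder", 10, 5, { hardened });
}

// Case 2: hard cap already reached with 100 ETH from other users.
function refundCase(hardened) {
  return runBatch(new AuctionModel(100, 100), "bidder", 10, 5, { hardened });
}
```

In the unhardened model both cases end with `solvent: false`: the first credits 50 ETH of bids against 10 ETH received, and the second pays 50 ETH of refunds out of other users' deposits.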

Just minutes after the white hat hacker discovered the vulnerability, he set up a “poor man’s mainnet fork on the command line”. Thus, Samczsun was able to verify whether the contract would allow the attack described above.

Once the thesis was verified, the white hat hacker reported the bug to SushiSwap’s CTO Joseph Delong. He and other members of the protocol’s team coordinated a response to remove the bug. The team and Samczsun “rescued” the funds by buying the remaining items. Thus, the auction was finalized.

As pseudonymous community member DC Investor said, the fact that the vulnerability was discovered by a white-hat hacker from an investment firm with a high stake on Uniswap, the decentralized exchange competing with SushiSwap, says a lot about the “ethos” of the Ethereum ecosystem. DC said:

Found and helped patch a vulnerability that put over 109k ETH at risk everyone knows Paradigm has big UNI / Uniswap bags, but Sam from their team just helped save SushiSwap (an ostensible competitor) from a critical bug this is the ethos of the space among the best actors.

At the time of writing, SUSHI trades at $12.50 with a 2.4% loss in the daily chart.

SUSHI moving sideways after bug report was published on the daily chart. Source: SUSHIUSDT Tradingview

How SushiSwap’s New Products Could Propel It to the DeFi Top

The DeFi sector saw a sharp drop in its Total Value Locked, according to DeFi Pulse data. At the time of writing, the metric is recovering quickly and stands at $54.93B. Sitting at the number six spot on the top 10 DeFi protocols by TVL with $3.88B, SushiSwap could be on the verge of taking a leading position.

Source: DeFi Pulse

Uniswap’s v3 deployment is around the corner, but its competitor remains in the innovative race. Since January 2021, SushiSwap has been taking over the total Weekly DEX Volume, as research firm Messari reported.

Presently, SushiSwap generates around 15% of the weekly DEX volume. In comparison, Uniswap is responsible for around 11% of the same metric, as shown in the chart below.

Source: Messari

How SushiSwap’s BentoBox and Kashi operate

Recently, SushiSwap released a new “aggressive strategy”. Its objective is to grow beyond its current use case as an automated market maker. The strategy revolves around BentoBox and Kashi Lending.

The first product is a single vault that contains the assets deposited by users and makes them available for DApps “built off of the vault”, as Messari stated. In contrast with similar products, BentoBox is more efficient when transferring the token, more efficient in terms of gas fees and complexity, easier to integrate, and has “a single token approval for use”.

On the other hand, Kashi is a lending and margin trading platform. Created as BentoBox’s first DApp, Kashi operates with “isolated lending pairs”, as Messari stated.

Users lending assets in Kashi can earn an interest rate. The lending pairs work with a mechanism similar to that of liquidity pools: a user provides the asset as collateral for the lender. Messari adds:

By having specific lending pairs where the collateral can only be used to borrow one specific asset (eg. in a ETH/SUSHI pair, deposited ETH acts as the collateral for SUSHI and only SUSHI), the risk for users can be isolated to the quality of assets and oracle used for the pair.

As a SushiSwap developer reported, both BentoBox and Kashi have been live for only a week. However, the products are already seeing high demand for the stablecoin pairs, with over 70% utilization in the lending pairs with USDC and 100% utilization for YFI/SUSHI.

With USDT there has been strong demand to use RUNE and ETH as collateral, as well as Bitcoin in its synthetic form, wBTC. For this last one, there is around 50,000 to 70,000 available and a 1% borrow rate.

The developer explained Kashi offers multiple strategies for an investor to leverage fluctuations in the crypto market. For example, a user can buy “the dip” on a token by using it as collateral to borrow a stablecoin with a discount borrow limit.

Kashi and BentoBox have support for Binance Smart Chain and will be available on EVM compatible networks. The developer said more features and integrations will be implemented:

Creates a one stop shop for projects to setup incentives for AMM LP providers and Kashi LP providers. Miso will push this even further along, and we imagine Sushi providing infrastructure for new projects to come market quick.

SUSHI is trading at $12.41 with a 10.5% correction in the daily chart. In the weekly and monthly chart, SUSHI has 12.4% and 38.9% losses, respectively.

SUSHI has been correcting in the daily chart. Source: SUSHIUSDT Tradingview