On April 8, 2023, Sushi core contributors soft launched V3 upgrades for the protocol that included a new router called RouteProcessor2 to facilitate swaps from the frontend. The router was planned to be used across each iteration of Sushi’s AMM pools (v2, Trident, v3), and to also be used for future aggregating across other protocols (Uni, Pancake, etc.). The RouteProcessor2 contract was deployed to 15 networks including: Arbitrum, Arbitrum Nova, Avalanche, Boba, BSC, Ethereum, Fantom, Fuse, Gnosis, Moonbeam, Moonriver, Optimism, Polygon, and Polygon ZkEVM. Unfortunately the contract had a critical vulnerability. To read more about what happened, please refer to our .
Revoke approval
We highly recommend you revoke approval even if you have no hacked funds. Without revoking approval you remain vulnerable and funds can get hacked later on.
No user connected
Claim whitehacked funds
Please revoke any token approvals you have on RouteProcessor2. Once you have revoked approvals, you will be able to claim any lost funds resulting from the exploit.
No user connected
If your funds rest in the whitehat contract, they are claimable here
If you do not see any available claims but you did get your funds hacked, fill in the following form. Blackhat funds will take longer to process, as the team will verify the legitimacy against on-chain data that validates them and will get paid accordingly.
Frequently asked questions
My funds were lost in this exploit. What can I do?
What is RouteProcessor2 Vulnerability? What happened?
Can we use Sushi safely now?
My funds have been hacked but I am not seeing any claims available