As you may have seen, news broke last night that an approval contract on Sushiswap was exploited:
We've already had reports of users in the Telegram who had their Moons and potentially other funds stolen.
If you used Sushiswap recently please take a moment to revoke permissions in your MetaMask/wallet. On Arbitrum Nova you can review token approvals for your address here:
Sushi also has their own approval checker for the exploited contract here: https://www.sushi.com/swap/approvals
You can review token approvals across multiple chains and easily revoke using a tool like https://revoke.cash/
EDIT 2 pm ET: Update from Sushi CTO here with some important info: https://nitter.net/MatthewLilley/status/1645116270726053890
If you are a user and you have been affected, please check for the output address your funds have gone to. Our whitehat rescue address is 0x74Ebb8e8d0B0cc65F06040EB0f77B5DA0e33fFeE
If you have another address for where your funds went, then please contact us at firstname.lastname@example.org w/ the tx hash and chain you were on
There is no risk at this time with using Sushi Protocol, and the UI. All exposure to RouterProcessor2 has been removed from the front end, and all LPing / current swap activity is safe to do
Will update with any further developments and when post-mortem is released.