Back to the list

$3M in Ether Stolen from SushiSwap’s MISO Launchpad

www.coindesk.com 17 September 2021 08:34, UTC
Reading time: ~2 m

A non-fungible token (NFT) auction on the MISO token launchpad built on SushiSwap appears to have been exploited, with the attacker making off with roughly $3 million in ether, SushiSwap CTO Joseph Delong tweeted Thursday.

  • Delong said that an anonymous contractor using the Github handle “AristoK3″ injected malicious code into Miso’s front-end in a supply chain attack. He added the link to an Ethereum address showing ETH 864.8 transferred at approximately 16:00 UTC on Thursday.
  • Etherscan has identified the address as part of an exploit.
  • Supply chain attacks happen when a malicious actor changes a contract address to one they control. This type of attack can occur with open-source software libraries, according to the U.S. National Counterintelligence and Security Center.
  • Only one contract appears to have been exploited, according to the CTO, for the JayPegsAutoMart NFT sale.
  • The attacker, who has done work with DeFi protocol yearn.finance, replaced the auction’s wallet address with their own, Delong said.
  • The CTO said the team “has reason to believe” the attacker was eratos1122, linking to a Twitter account that identifies as a blockchain and mobile games developer.
  • SushiSwap has asked FTX and Binance, to hand over the hacker’s know-your-customer information of the individual.
  • CoinDesk has not been able to independently verify the attacker’s identity as of press time.
  • If the funds are not returned by 12:00 UTC, the DeFi exchange will file a complaint with the FBI, Delong said.

Back to the list

Similar news
Suggest news