Another DeFi Hack: $3M in ETH Stolen From SushiSwap’s Token Platform

DeFi exploits continue as SushiSwap’s CTO Joseph Delong informed that the protocol’s token platform MISO became the victim of a supply chain attack. Early estimations show that the attacker duped more than $3 million in ETH.

Delong took it to Twitter earlier on September 17th to indicate that the MISO front end “has become the victim of a supply chain attack.”

The Miso front end has become the victim of a supply chain attack. An anonymous contractor by with the GH handle AristoK3 injected malicious code into the Miso front end. We have reason to believe this is @eratos1122.

864.8 ETH was stolen, address below

— Joseph Delong (@josephdelong) September 17, 2021

An anonymous contractor going by the GitHub handle, AristoK3, had injected a malicious code into the front end. Thus, they managed to exploit one NFT auction – the automobile-focused Jay Pegs Auto Mart. Delong updated that all issues in the auctions have since been patched.
According to the project’s website, MISO serves as a suite of open-source smart contracts created to ease the process of releasing a new project on the SushiSwap exchange. Despite being launched last year, the DEX is one of the largest, with a 24-hour trading volume of nearly $700 million.
The Ethereum address provided by Delong where the funds were sent shows that the perpetrator managed to steal 865.1 ETH tokens. With today’s prices, this amount exceeds $3 million.
SushiSwap’s CTO also said the team had contacted FTX and Binance to receive KYC information, but so far, the two exchanges haven’t complied “on this sensitive matter.”
Delong also warned that if the funds are not returned by 8 am ET, the team had instructed the lawyer to file an IC3 complaint with the FBI.
It’s worth noting that SushiSwap’s native token has dropped by more than 9% in the hours after the hack.

Leave a Reply