SushiSwap’s Token Launchpad Hacked for Over $3M in Ethereum
SushiSwap’s token platform called MISO was reportedly attacked on Thursday, with the hacker stealing 864.8 Ethereum, approximately $3 million in current prices.
SushiSwap is one of the largest decentralized exchanges (DEX) in the world and rival to Uniswap, with more than $495 million in trading volume over the last 24 hours, per CoinGecko.
As described on the project’s website, MISO is “a suite of open-source smart contracts created to ease the process of launching a new project on the SushiSwap exchange.”
According to SushiSwap’s CTO Joseph Delong, MISO fell victim to a so-called supply chain attack, which saw an anonymous contractor going under the GitHub handle AristoK3 inject malicious code into the platform’s front end and replace the auction’s wallet with their own address.
The only exploited auction was the @JayPegsAutoMart auction. The attacker inserted their own wallet address to replace the auctionWallet at the auction creation.
Affected auctions have all been patched.
— Joseph Delong (@josephdelong) September 17, 2021
The exploited NFT auction in question is automobile-themed Jay Pegs Auto Mart, which has already been patched.
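A build-time check aimed at the kind of front-end tampering described above, as an added example that is not from the article or from SushiSwap's code: it scans front-end sources for hard-coded Ethereum addresses that are not on a reviewed allowlist. The file names, addresses and allowlist are constructed, and it assumes the injected address appears as a literal in the source.

```javascript
// Added example: flag hard-coded Ethereum addresses in front-end sources
// that are not on a reviewed allowlist. All values below are constructed.
const ADDRESS_RE = /\b0x[0-9a-fA-F]{40}\b/g; // 20-byte address; 32-byte hashes do not match

const FACTORY = "0x" + "11".repeat(20);  // hypothetical reviewed contract address
const INJECTED = "0x" + "Ab".repeat(20); // hypothetical address added by a malicious commit

// Reviewed addresses the front end may legitimately reference.
const ALLOWLIST = new Set([FACTORY].map((a) => a.toLowerCase()));

// files: { path: sourceText }. Returns one finding per unexpected address.
function findUnexpectedAddresses(files, allowlist = ALLOWLIST) {
  const findings = [];
  for (const [path, text] of Object.entries(files)) {
    text.split("\n").forEach((line, i) => {
      for (const match of line.matchAll(ADDRESS_RE)) {
        const address = match[0].toLowerCase(); // ignore checksum casing
        if (!allowlist.has(address)) {
          findings.push({ path, line: i + 1, address });
        }
      }
    });
  }
  return findings;
}

// Constructed sample: the second file overrides the user-supplied wallet
// with a literal address, the pattern the incident report describes.
const SAMPLE_FILES = {
  "src/contracts.js": `export const FACTORY = "${FACTORY}";\n`,
  "src/createAuction.js": [
    "function buildParams(form) {",
    "  const auctionWallet = form.wallet;",
    `  return { ...form, auctionWallet: "${INJECTED}" };`,
    "}",
  ].join("\n"),
};

const findings = findUnexpectedAddresses(SAMPLE_FILES);
for (const f of findings) {
  console.log(`${f.path}:${f.line} unexpected address ${f.address}`);
}
```

Run as a required CI step, a non-empty result blocks the merge until a reviewer either removes the literal or adds the address to the allowlist.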
According to Ethereum blockchain explorer Etherscan, which has identified the address shared by Delong as the one involved in the MISO exploit, the attack occurred at 12:04 pm Eastern time on Thursday.
At 9:45 am Eastern time on Friday, Delong announced that all stolen funds were returned.
All funds returned
— Joseph Delong (@josephdelong) September 17, 2021
This is not the first time MISO has encountered a similar problem. On a previous occasion, however, the platform’s team got away lightly.
Last month, samczsun, a security researcher for venture capital firm Paradigm, discovered a vulnerability while examining the smart contract code of the BitDAO token sale on the MISO platform.
The researcher said that the vulnerability could have potentially resulted in a loss of about $350 million.
The sale concluded without any incident, raising $365 million in the process. However, it required the BitDAO team to manually end the token auction to neutralize the potential threat.
Hacker’s identity known?
SushiSwap claims there are reasons to believe that the hacker is a Twitter user @eratos1122, who “has done work with Yearn.Finance and approached many other projects.”
We have asked @FTX_Official and @Binance to turn over the attackers KYC information, but they have resisted on this time sensitive matter.
The attacker(s) has done work with @Yearn and has approached many other projects. I urge you to check your own front ends for exploits.
— Joseph Delong (@josephdelong) September 17, 2021
However, the Twitter profile Delong linked to shows a different GitHub handle, not AristoK3 as SushiSwap claims.
Delong added that SushiSwap asked crypto exchanges FTX and Binance to share the attacker’s know-your-customer (KYC) information, “but they have resisted on this time-sensitive matter.”
“I recommend that you test your own user interface in order to identify exploits early on,” said Delong.
He also stated that SushiSwap instructed the company’s lawyer Stephen Palley to file a complaint with the FBI if the stolen funds are not returned by 8 am Eastern Time on Friday.
Editor's note [17.09.201 at 10:30 EST]: This article has been updated to show that all affected funds have been returned.
Original source
Read on Decrypt