SushiSwap’s token platform called MISO was reportedly attacked on Thursday, with the hacker stealing 864.8 Ethereum, approximately $3 million in current prices.
SushiSwap is one of the largest decentralized exchanges (DEX) in the world and rival to Uniswap, with more than $495 million in trading volume over the last 24 hours, per CoinGecko.
As described on the project’s website, MISO is “a suite of open-source smart contracts created to ease the process of launching a new project on the SushiSwap exchange.”
According to SushiSwap’s CTO Joseph Delong, MISO fell victim to a so-called supply chain attack, which saw an anonymous contractor going under the GitHub handle AristoK3 inject malicious code into the platform’s front end and replace the auction’s wallet with their own address.
The only exploited auction was the @JayPegsAutoMart auction. The attacker inserted their own wallet address to replace the auctionWallet at the auction creation.
The exploited NFT auction in question is automobile-themed Jay Pegs Auto Mart, which has already been patched.
According to Ethereum blockchain explorer Etherscan, which has identified the address shared by Delong as the one involved in the MISO exploit, the attack occurred at 12:04 pm Eastern time on Thursday.
At 9:45 am Eastern time on Friday, Delong announced that all stolen funds were returned.
This is not the first time MISO has encountered a similar problem. On a previous occasion, however, the platform’s team got away lightly.
Last month, samczsun, a security researcher for venture capital firm Paradigm, discovered a vulnerability while examining the smart contract code of the BitDAO token sale on the MISO platform.
The researcher said that the vulnerability could have potentially resulted in a loss of about $350 million.
One week after Poly Network suffered a $600 million attack (a majority of the assets have since been returned), crypto could have been rocked by another enormous hack, this time at popular Ethereum decentralized exchange (DEX) SushiSwap. The DEX managed to avoid the expensive dilemma, however, thanks to the help of a white hat hacker.
In a post published today, samczsun—research partner at crypto-centric venture capital firm Paradigm—explained how he began examining the smart contract code yeste...
The sale concluded without any incident, raising $365 million in the process. However, it required the BitDAO team to manually end the token auction to neutralize the potential threat.
Hacker’s identity known?
SushiSwap claims there are reasons to believe that the hacker is a Twitter user @eratos1122, who “has done work with Yearn.Finance and approached many other projects.”
We have asked @FTX_Official and @Binance to turn over the attackers KYC information, but they have resisted on this time sensitive matter.
The attacker(s) has done work with @Yearn and has approached many other projects. I urge you to check your own front ends for exploits.
However, the Twitter profile Delong linked to shows a different GitHub handle, not AristoK3 as SushiSwap claims.
Delong added that SushiSwap asked crypto exchanges FTX and Binance to share the attacker’s hacker’s know-your-customer (KYC) information, “but they have resisted on this time-sensitive matter.”
“I recommend that you test your own user interface in order to identify exploits early on,” said Delong.
He also stated that SushiSwap instructed the company’s lawyer Stephen Palley to file a complaint with the FBI if the stolen funds are not returned by 8 am Eastern Time on Friday.
Editor's note [17.09.201 at 10:30 EST]: This article has been updated to show that all affected funds have been returned.
Daily Debrief Newsletter
Start every day with the top news stories right now, plus original features, a podcast, videos and more.
A school in Scotland has said it will be the first in the UK to start accepting Bitcoin payments.
Lomond School in the town of Helensburgh said that it made the choice to accept the cryptocurrency after a number of parents—both local and foreign—made the request, The Times reported.
The private boarding school has a number of international students.
To "manage and mitigate risk," the school said it would start accepting the biggest cryptocurrency in phases, and would convert digital coins rec...
BlackRock’s spot digital asset-focused funds generated net inflows for a fifth consecutive quarter, but the value of those assets tumbled by 9% as the price of Bitcoin and Ethereum slumped, the company said in its latest earnings release.
As of March 31, the world’s largest asset manager held $50.3 billion worth in ETF digital assets, about $5 billion less than in the previous quarter, according to the release.
Still, among asset managers, BlackRock remained the leader in inflows with the iShare...
Ripple Labs and the U.S. Securities and Exchange Commission have jointly filed a request to suspend their respective appeals as they “pursue a negotiated resolution” of their long-running case.
As detailed in a filing submitted yesterday to the U.S. Court of Appeals for the Second Circuit, the two parties have already reached an agreement-in-principle, with Ripple CEO Brad Garlinghouse revealing last month that the SEC would be dropping its appeal.
Yesterday’s application represents the first of...
