SushiSwap’s token platform called MISO was reportedly attacked on Thursday, with the hacker stealing 864.8 Ethereum, approximately $3 million in current prices.
SushiSwap is one of the largest decentralized exchanges (DEX) in the world and rival to Uniswap, with more than $495 million in trading volume over the last 24 hours, per CoinGecko.
As described on the project’s website, MISO is “a suite of open-source smart contracts created to ease the process of launching a new project on the SushiSwap exchange.”
According to SushiSwap’s CTO Joseph Delong, MISO fell victim to a so-called supply chain attack, which saw an anonymous contractor going under the GitHub handle AristoK3 inject malicious code into the platform’s front end and replace the auction’s wallet with their own address.
The only exploited auction was the @JayPegsAutoMart auction. The attacker inserted their own wallet address to replace the auctionWallet at the auction creation.
The exploited NFT auction in question is automobile-themed Jay Pegs Auto Mart, which has already been patched.
According to Ethereum blockchain explorer Etherscan, which has identified the address shared by Delong as the one involved in the MISO exploit, the attack occurred at 12:04 pm Eastern time on Thursday.
At 9:45 am Eastern time on Friday, Delong announced that all stolen funds were returned.
This is not the first time MISO has encountered a similar problem. On a previous occasion, however, the platform’s team got away lightly.
Last month, samczsun, a security researcher for venture capital firm Paradigm, discovered a vulnerability while examining the smart contract code of the BitDAO token sale on the MISO platform.
The researcher said that the vulnerability could have potentially resulted in a loss of about $350 million.
One week after Poly Network suffered a $600 million attack (a majority of the assets have since been returned), crypto could have been rocked by another enormous hack, this time at popular Ethereum decentralized exchange (DEX) SushiSwap. The DEX managed to avoid the expensive dilemma, however, thanks to the help of a white hat hacker.
In a post published today, samczsun—research partner at crypto-centric venture capital firm Paradigm—explained how he began examining the smart contract code yeste...
The sale concluded without any incident, raising $365 million in the process. However, it required the BitDAO team to manually end the token auction to neutralize the potential threat.
Hacker’s identity known?
SushiSwap claims there are reasons to believe that the hacker is a Twitter user @eratos1122, who “has done work with Yearn.Finance and approached many other projects.”
We have asked @FTX_Official and @Binance to turn over the attackers KYC information, but they have resisted on this time sensitive matter.
The attacker(s) has done work with @Yearn and has approached many other projects. I urge you to check your own front ends for exploits.
However, the Twitter profile Delong linked to shows a different GitHub handle, not AristoK3 as SushiSwap claims.
Delong added that SushiSwap asked crypto exchanges FTX and Binance to share the attacker’s hacker’s know-your-customer (KYC) information, “but they have resisted on this time-sensitive matter.”
“I recommend that you test your own user interface in order to identify exploits early on,” said Delong.
He also stated that SushiSwap instructed the company’s lawyer Stephen Palley to file a complaint with the FBI if the stolen funds are not returned by 8 am Eastern Time on Friday.
Editor's note [17.09.201 at 10:30 EST]: This article has been updated to show that all affected funds have been returned.
Daily Debrief Newsletter
Start every day with the top news stories right now, plus original features, a podcast, videos and more.
Medical device company Semler Scientific purchased another 165 Bitcoin for $15.7 million between the dates of April 25-29, bolstering its Bitcoin treasury to 3,467 BTC.
The purchase marks the firm’s second major Bitcoin acquisition in the last week after it announced that it added 111 BTC for $10 million on April 25. As of Wednesday, Semler’s Bitcoin treasury is valued at more than $327 million.
“We bleed orange,” Semler Scientific Chairman Eric Semler posted on X (formerly known as Twitter), j...
Galaxy Digital Holdings plans to list on the Nasdaq Global Select Market next month, the firm said Wednesday in a statement, a byproduct of the pro crypto pivot of U.S. federal regulators and policymakers.
The listing, which is subject to shareholder approval, will tentatively go live on May 16, according to Galaxy Digital's statement. The company's Class A common stock will trade under the ticker GLXY.
In listing on the Global Select Market, Galaxy Digital aims to broaden its access to capital,...
Crypto payments firm Ripple made a multi-billion-dollar offer to acquire USDC stablecoin issuer Circle, Bloomberg reported Wednesday, citing people familiar with the matter.
The offer was said to be in the range of $4 billion to $5 billion, but was reportedly rejected as being too low. At the start of April, Circle filed paperwork with the SEC to go public.
A Circle spokesperson told Bloomberg news that the company was “currently in a quiet period with the SEC,” meaning its ability to comment on...
