DeFi exploits continue as SushiSwap’s CTO Joseph Delong informed that the protocol’s token platform MISO became the victim of a supply chain attack. Early estimations show that the attacker duped more than $3 million in ETH.
- Delong took it to Twitter earlier on September 17th to indicate that the MISO front end “has become the victim of a supply chain attack.”
The Miso front end has become the victim of a supply chain attack. An anonymous contractor by with the GH handle AristoK3 injected malicious code into the Miso front end. We have reason to believe this is @eratos1122.
864.8 ETH was stolen, address belowhttps://t.co/cDZeBqFV4P
— Joseph 🤝 Delong 🔱 (@josephdelong) September 17, 2021
- An anonymous contractor going by the GitHub handle, AristoK3, had injected a malicious code into the front end. Thus, they managed to exploit one NFT auction – the automobile-focused Jay Pegs Auto Mart. Delong updated that all issues in the auctions have since been patched.
- According to the project’s website, MISO serves as a suite of open-source smart contracts created to ease the process of releasing a new project on the SushiSwap exchange. Despite being launched last year, the DEX is one of the largest, with a 24-hour trading volume of nearly $700 million.
- The Ethereum address provided by Delong where the funds were sent shows that the perpetrator managed to steal 865.1 ETH tokens. With today’s prices, this amount exceeds $3 million.
- SushiSwap’s CTO also said the team had contacted FTX and Binance to receive KYC information, but so far, the two exchanges haven’t complied “on this sensitive matter.”
- Delong also warned that if the funds are not returned by 8 am ET, the team had instructed the lawyer to file an IC3 complaint with the FBI.
- It’s worth noting that SushiSwap’s native token has dropped by more than 9% in the hours after the hack.