Another DeFi Hack: $3M in ETH Stolen From SushiSwap’s Token Platform

DeFi exploits continue as SushiSwap’s CTO Joseph Delong informed that the protocol’s token platform MISO became the victim of a supply chain attack. Early estimations show that the attacker duped more than $3 million in ETH.

• Delong took it to Twitter earlier on September 17th to indicate that the MISO front end “has become the victim of a supply chain attack.”

The Miso front end has become the victim of a supply chain attack. An anonymous contractor by with the GH handle AristoK3 injected malicious code into the Miso front end. We have reason to believe this is @eratos1122.

864.8 ETH was stolen, address belowhttps://t.co/cDZeBqFV4P

— Joseph 🤝 Delong 🔱 (@josephdelong) September 17, 2021

• An anonymous contractor going by the GitHub handle, AristoK3, had injected a malicious code into the front end. Thus, they managed to exploit one NFT auction – the automobile-focused Jay Pegs Auto Mart. Delong updated that all issues in the auctions have since been patched.
• According to the project’s website, MISO serves as a suite of open-source smart contracts created to ease the process of releasing a new project on the SushiSwap exchange. Despite being launched last year, the DEX is one of the largest, with a 24-hour trading volume of nearly $700 million.
• The Ethereum address provided by Delong where the funds were sent shows that the perpetrator managed to steal 865.1 ETH tokens. With today’s prices, this amount exceeds $3 million.
• SushiSwap’s CTO also said the team had contacted FTX and Binance to receive KYC information, but so far, the two exchanges haven’t complied “on this sensitive matter.”
• Delong also warned that if the funds are not returned by 8 am ET, the team had instructed the lawyer to file an IC3 complaint with the FBI.
• It’s worth noting that SushiSwap’s native token has dropped by more than 9% in the hours after the hack.