$3M in Ether Stolen From SushiSwap’s MISO Launchpad

An auction on the DeFi exchange’s launchpad was attacked on Thursday.

AccessTimeIconSep 17, 2021 at 5:45 a.m. UTC
Updated May 11, 2023 at 4:02 p.m. UTC
10 Years of Decentralizing the Future
May 29-31, 2024 - Austin, TexasThe biggest and most established global hub for everything crypto, blockchain and Web3.Register Now

A non-fungible token (NFT) auction on the MISO token launchpad built on the SushiSwap platform appears to have been hacked, with the attacker making off with roughly $3 million in ether, SushiSwap Chief Technology Officer Joseph Delong tweeted Thursday.

  • Delong said that an anonymous contractor using the Github handle “AristoK3″ injected malicious code into Miso’s front end in a supply chain attack. He added the link to an Ethereum address showing ETH 864.8 transferred at approximately 16:00 UTC on Thursday.
  • Etherscan has identified the address as part of an exploit.
  • Supply chain attacks happen when a malicious actor changes a contract address to one they control. That type of attack can occur with open-source software libraries, according to the U.S. National Counterintelligence and Security Center.
  • Only one contract appears to have been exploited, according to Delong, for the JayPegsAutoMart NFT sale.
  • The attacker, who has done work with decentralized finance (DeFi) protocol yearn.finance, replaced the auction’s wallet address with their own, Delong said.
  • Delong said SushiSwap “has reason to believe” the attacker was eratos1122, linking to a Twitter account that identifies as a blockchain and mobile games developer.
  • SushiSwap has asked crypto exchanges FTX and Binance, to hand over the hacker’s know-your-customer information of the individual.
  • CoinDesk hasn’t been able to independently verify the attacker’s identity as of press time.
  • If the funds are not returned by 12:00 UTC, the DeFi exchange will file a complaint with the FBI, Delong said.
  • DeFi Market Rebounds to $50B as Speculators Hunt for Yield
    01:11
    DeFi Market Rebounds to $50B as Speculators Hunt for Yield
  • How Spool Is Aiming to Help Institutions Enter DeFi
    11:05
    How Spool Is Aiming to Help Institutions Enter DeFi
  • How a New Tax Proposal From the IRS Could Impact DeFi
    00:46
    How a New Tax Proposal From the IRS Could Impact DeFi
  • Injective Survey Suggests Many Traders Use Both Centralized and Decentralized Exchanges
    08:17
    Injective Survey Suggests Many Traders Use Both Centralized and Decentralized Exchanges
  • Disclosure

    Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

    CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. In November 2023, CoinDesk was acquired by the Bullish group, owner of Bullish, a regulated, digital assets exchange. The Bullish group is majority-owned by Block.one; both companies have interests in a variety of blockchain and digital asset businesses and significant holdings of digital assets, including bitcoin. CoinDesk operates as an independent subsidiary with an editorial committee to protect journalistic independence. CoinDesk employees, including journalists, may receive options in the Bullish group as part of their compensation.

    Eliza Gkritsi

    Eliza Gkritsi is a CoinDesk contributor focused on the intersection of crypto and AI.

    Nikhilesh De

    Nikhilesh De is CoinDesk's managing editor for global policy and regulation. He owns marginal amounts of bitcoin and ether.


    Learn more about Consensus 2024, CoinDesk's longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to consensus.coindesk.com to register and buy your pass now.


    Read more about