$3M in Ether Stolen From SushiSwap’s MISO Launchpad

An auction on the DeFi exchange’s launchpad was attacked on Thursday.

AccessTimeIconSep 17, 2021 at 5:45 a.m. UTC
Updated Sep 17, 2021 at 6:50 p.m. UTC

Eliza Gkritsi is CoinDesk's crypto mining reporter based in Asia.

Nikhilesh De is CoinDesk's managing editor for global policy and regulation. He owns marginal amounts of bitcoin and ether.

A non-fungible token (NFT) auction on the MISO token launchpad built on the SushiSwap platform appears to have been hacked, with the attacker making off with roughly $3 million in ether, SushiSwap Chief Technology Officer Joseph Delong tweeted Thursday.

  • Delong said that an anonymous contractor using the Github handle “AristoK3″ injected malicious code into Miso’s front end in a supply chain attack. He added the link to an Ethereum address showing ETH 864.8 transferred at approximately 16:00 UTC on Thursday.
  • Etherscan has identified the address as part of an exploit.
  • Supply chain attacks happen when a malicious actor changes a contract address to one they control. That type of attack can occur with open-source software libraries, according to the U.S. National Counterintelligence and Security Center.
  • Only one contract appears to have been exploited, according to Delong, for the JayPegsAutoMart NFT sale.
  • The attacker, who has done work with decentralized finance (DeFi) protocol yearn.finance, replaced the auction’s wallet address with their own, Delong said.
  • Delong said SushiSwap “has reason to believe” the attacker was eratos1122, linking to a Twitter account that identifies as a blockchain and mobile games developer.
  • SushiSwap has asked crypto exchanges FTX and Binance, to hand over the hacker’s know-your-customer information of the individual.
  • CoinDesk hasn’t been able to independently verify the attacker’s identity as of press time.
  • If the funds are not returned by 12:00 UTC, the DeFi exchange will file a complaint with the FBI, Delong said.

Read more about

DISCLOSURE

Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups. As part of their compensation, certain CoinDesk employees, including editorial employees, may receive exposure to DCG equity in the form of stock appreciation rights, which vest over a multi-year period. CoinDesk journalists are not allowed to purchase stock outright in DCG.

CoinDesk - Unknown

Eliza Gkritsi is CoinDesk's crypto mining reporter based in Asia.

CoinDesk - Unknown

Nikhilesh De is CoinDesk's managing editor for global policy and regulation. He owns marginal amounts of bitcoin and ether.

CoinDesk - Unknown

Eliza Gkritsi is CoinDesk's crypto mining reporter based in Asia.

CoinDesk - Unknown

Nikhilesh De is CoinDesk's managing editor for global policy and regulation. He owns marginal amounts of bitcoin and ether.

Trending

1
CoinDesk - Unknown
First Mover Asia: Bitcoin Holds Above $21K in Weekend Trading; Solana Web3 Phone Faces Long Odds

Ether stays over $1,200; prior blockchain phones have failed because the market has realized their functionalities are already available via apps that can be loaded onto any old phone.

CoinDesk - Unknown
2
CoinDesk - Unknown
Opaque Platforms and Intertwined Protocols Pose Big Risk to Crypto

Second article in a series about risks we’re thinking about during these crypto down days.

CoinDesk - Unknown
3
CoinDesk - Unknown
Putin Weaponizes Inflation

Examining a recent propaganda speech from the Russian leader.

CoinDesk - Unknown
4
CoinDesk - Unknown
Morgan Creek Is Trying to Counter FTX’s BlockFi Bailout, Leaked Call Shows

FTX’s $250 million credit facility offer – if inked as initially proposed – stood to effectively wipe out all BlockFi shareholders, including Morgan Creek Digital, the firm told its investors.

CoinDesk - Unknown