$3M in Ether Stolen From SushiSwap’s MISO Launchpad

An auction on the DeFi exchange’s launchpad was attacked on Thursday.

Sep 17, 2021 at 5:45 a.m. UTC
Updated Sep 17, 2021 at 6:50 p.m. UTC

A non-fungible token (NFT) auction on the MISO token launchpad built on the SushiSwap platform appears to have been hacked, with the attacker making off with roughly $3 million in ether, SushiSwap Chief Technology Officer Joseph Delong tweeted Thursday.

  • Delong said that an anonymous contractor using the GitHub handle “AristoK3” injected malicious code into Miso’s front end in a supply chain attack. He added the link to an Ethereum address showing ETH 864.8 transferred at approximately 16:00 UTC on Thursday.
  • Etherscan has identified the address as part of an exploit.
  • In a supply chain attack of this kind, a malicious actor changes a contract address to one they control. That type of attack can occur with open-source software libraries, according to the U.S. National Counterintelligence and Security Center.
  • Only one contract appears to have been exploited, according to Delong, for the JayPegsAutoMart NFT sale.
  • The attacker, who has done work with decentralized finance (DeFi) protocol yearn.finance, replaced the auction’s wallet address with their own, Delong said.
  • Delong said SushiSwap “has reason to believe” the attacker was eratos1122, linking to a Twitter account that identifies as a blockchain and mobile games developer.
  • SushiSwap has asked crypto exchanges FTX and Binance to hand over the hacker’s know-your-customer information.
  • CoinDesk hasn’t been able to independently verify the attacker’s identity as of press time.
  • If the funds are not returned by 12:00 UTC, the DeFi exchange will file a complaint with the FBI, Delong said.

Eliza Gkritsi is a CoinDesk news reporter based in Asia.

Nikhilesh De is CoinDesk's managing editor for global policy and regulation. He owns marginal amounts of bitcoin and ether.