ForkLog

Hacker stole more than $3 million from SushiSwap’s MISO platform

The attacker siphoned 864.8 ETH (about $3.09 million) from an NFT auction on MISO, SushiSwap’s IDO platform.

Update:

The hacker returned all stolen funds, transferring them in three transactions to the SushiSwap address.

Data: Etherscan.

SushiSwap CTO Joseph Delong said that an anonymous contractor using the GitHub handle AristoK3 injected malicious code into the MISO front end and spoofed the auction address.

Around 19:00 (MSK), the funds were sent to the attacker-controlled wallet, which Etherscan now marks as linked to the MISO exploit.

According to Delong, the team believes the attacker is known on Twitter under the alias 0x A.K. The user describes himself as a blockchain and web developer.

Update:

The assumption proved incorrect; the SushiSwap CTO apologised to the developer who, by his account, did most of the work for MISO.

Delong warned that the contractor also did work for the DeFi project yearn.Finance.

Experts from MISO asked exchanges FTX and Binance for information about the hacker’s identity, but received no cooperation, Delong said. If funds are not returned by 15:00 (MSK) on September 17, they will turn to the FBI.

Update:

The attacker transferred 100 ETH after the deadline to the Sushi multisig wallet.

“I hope he will send the rest,” wrote Delong.

Update:

Approximately an hour after the first transaction, the hacker returned another 700 ETH.

Data: Etherscan.

Delong clarified that only the Jay Pegs Auto Mart auction was affected. The team has assured users they will still receive the purchased NFTs from the 2007 Kia Sedona series, despite the theft of funds. The release is scheduled for September 21.

Earlier, a white-hat hacker helped fix a vulnerability in MISO that could have led to the loss of 109,000 ETH (~$350 million at the time).
