SushiSwap’s token Launchpad MISO hacked for $3 million worth of Ethereum


On 17th September, an NFT auction on DeFi exchange SushiSwap's MISO launchpad was subjected to a supply chain attack, in which a hacker changed a smart contract address to one they control, siphoning off $3 million in Ethereum.
The issue was initially made public by SushiSwap's Chief Technology
Officer, Joseph Delong, who tweeted on Thursday: “The
Miso front end has become the victim of a supply chain attack. An anonymous
contractor with the GH handles AristoK3 injected malicious code into the Miso
front end. We have reason to believe this is @eratos1122.864.8 ETH was
stolen."
An attacker took advantage of a flaw in the Miso platform during the NFT
token sale auction. A nameless contractor who used the AristoK3 alias on Github
injected malicious code into the Miso user interface. In the
afternoon of September 16, 864.8 ETH was transferred.
This attack type is related to open-source software libraries, according
to the US National Center of Counterintelligence and Security. Etherscan has
identified the address as "related with a hack." Furthermore, the
attackers changed the contract address to one in his possession.
SushiSwap also requested to obtain the hacker's know-your-customer (KYC)
information from cryptocurrency exchanges FTX and Binance, "but they have
resisted on this time-sensitive matter," according to Delong.
“I recommend that you test your own user interface in order to identify
exploits early on,” said Delong.
The company has also asked
their lawyer to “file an IC3 complaint with the FBI” if the stolen cash was not
returned the funds by Friday at 8 AM EST.
In July, the DeFi platform announced an update on its highly awaited
project "7/20", the launch of Trident, a new automated marketplace
maker that is aimed as the most efficient company on the market.

Pavan A
CBW - External Analyst
INDIA