In Brief:
- Miso front end has become the victim of a supply chain attack.
- Hacker AristoK3 introduced malicious code into the supply chain.
SushiSwap’s MISO launchpad has been exploited in a supply chain attack that drained 864.8 ETH, roughly $3 million at the current market price. The attack was made public by SushiSwap’s Chief Technology Officer (CTO), Joseph Delong, through a tweet.
According to Delong, an unidentified contractor with the GitHub handle “AristoK3” uploaded malicious code into Miso’s front end in a supply chain attack, and is the suspected source of the compromise.
The only auction project that has been exploited thus far is Jay Pegs Auto Mart. At present this address holds the stolen funds.
When creating the auction, the hacker appears to have inserted their own wallet address in place of the real wallet address. All other auction projects were patched against the smart contract vulnerability once the problem was discovered.
“Sushi team is requesting that the FTX and Binance exchanges publicise the hackers’ information,” according to Delong. However, due to the urgency of the circumstance, this request has been denied. According to Delong, an attack using this method might act as a wake-up call for other projects.
Previous Attack on Miso
This is not the first incident involving Miso. In August, a security researcher from venture capital company Paradigm saved SushiSwap and its Miso platform from a potential loss of up to 109,000 ETH. He described how, at the time, he began investigating the smart contract code for the BitDAO token sale on SushiSwap’s token launchpad platform, Miso. The flaw was successfully patched thanks to the Sushi team’s efforts.
The DeFi exchange will file a complaint with the FBI if the funds are not recovered by 12:00 UTC, according to Delong.
The team has not provided any additional details at this time, stating only that the Sushi side is working with a lawyer to bring the matter to the FBI.
The hacker has since returned all the ETH. According to Etherscan, SushiSwap’s multisig address received 865 ETH, meaning the exploiter gave back more ETH than was stolen.