The MISO front end has become the victim of a supply chain attack, 864.8 ETH was stolen
According to the Chief Technology Officer (CTO) at SushiSwap, Joseph Delong, MISO, a Launchpad product of Sushi, has just attacked the front-end, expected damage up to 864.8 ETH, equivalent to $ 3,078,688.
The Miso front end has become the victim of a supply chain attack. An anonymous contractor by with the GH handle AristoK3 injected malicious code into the Miso front end. We have reason to believe this is @eratos1122.
864.8 ETH was stolen, address belowhttps://t.co/cDZeBqFV4P
— Joseph 🤝 Delong 🔱 (@josephdelong) September 17, 2021
Hacker attacks SushiSwap’s MISO again
It is known that the hacker with the GH handles AristoK3 injected malicious code into the Miso front end. Up to now, Jay Pegs Auto Mart is the only auction project that has been hacked and exploited. In addition, the team has not updated any other affected names. It seems that the hacker inserted their wallet address to replace the real wallet when creating the auction. After discovering the problem, other auction projects have all been patched with the vulnerability in the smart contract.
Delong also said that the Sushi team is petitioning the FTX and Binance exchange to publish the information of the hackers. However, this request has now been resisted on this time-sensitive matter. Delong thinks an attack with this approach could play out similarly to other projects as a wake-up call.
“The attackers have done work with Yearn and have approached many other projects. I urge you to check your front ends for exploits”, Delong shared.
At the moment, the team has not updated any more information and only said that the Sushi side is working with a lawyer to bring the case to the FBI.
In August, this incident happened once. A security researcher from venture capital firm Paradigm, known on Twitter as Samczsun, has managed to save SushiSwap and its Miso platform from a potential loss of as much as 109,000 ETH. At that time, He described how he began examining the smart contract code for the BitDAO token sale on SushiSwap’s token launchpad platform, Miso.
After that, thanks to the effort of patching the vulnerability with the Sushi team, this bug was successfully patched.
- Zabu Finance Had Been Exploited On Avalanche For $3.2 Million, But Price Recovered 35%
- The Hacker Sent 5,152.6 ETH From Its Address To Cream Finance Multi-Sig Wallet