Sushi token issuance platform MISO project hacked, all 864.8 ETH raised stolen
On the afternoon of the 17th, Joseph Delong, the CTO of SushiSwap, stated that Sushi's token issuance platform, MISO, fell victim to a supply chain attack, with all 864.8 ETH raised by the project Jay Pegs Auto Mart being stolen. Update at 9 PM on the 17th: After the attacker announced the resignation of SushiSwap's core leader, 0xMaki, 865 ETH has been returned before the deadline.
Table of Contents
Sushi CTO Announces Bad News
SushiSwap's CTO Joseph Delong stated that the front end of MISO fell victim to a supply chain attack, where malicious contract deployers inserted malicious code into the MISO front end.
The project Jay Pegs Auto Mart, which had just completed fundraising on MISO, had its auction wallet address changed to the attacker's address, resulting in fund loss. Hacked transaction records
Delong mentioned that requests for personal information of the attacker from FTX and Binance were politely declined. He urged the attacker/group, who had previously worked with Yearn and many other projects, to return the funds, and has informed lawyers and reported to the FBI.
He compiled the current evidence available and claimed to be certain that the attacker is @eratos1122.
Update at 10 pm on the 17th: Response from @eratos1122
The anonymous developer responded after the fund return, stating that most of the MISO development was done by himself, including handling many issues, and believed that Sushi's CTO Joseph Delong owes him an apology. He stated that he is not involved in this incident.
https://twitter.com/eratos1122/status/1438868691857420293
Bizarre Victim Project
The victim project Jay Pegs Auto Mart stated that they will still release the KIA Sedona NFT.
This project was already strange, using the pun Jay Pegs, a play on JPEGs, claiming that one could purchase their ERC-20 tokens and then exchange them for a KIA Sedona car NFT.
Hey folks. Everyone will still receive their 2007 Kia Sedona NFTs, and the exchange is still scheduled to begin on 9/21/2021. https://t.co/oYgqyHY8Jp
— Jay Pegs Auto Mart 🤝 (@jaypegsautomart) September 17, 2021
Continued Turmoil in MISO
MISO being targeted by hackers is not a new occurrence.
BitDAO, initiated by the exchange Bybit, conducted token issuance on SushiSwap's IDO platform MISO on 8/16, where venture capital firm Paradigm's research partner Samczsun discovered a $350 million loophole in the Dutch auction contract, and collaborated with several white hat hackers to prevent approximately 109,000 ETH from being at risk of attack.
Related
- Lending protocol Radiant Capital hacked for the second time this year, losing over $50 million.
- Suspected Official Hack? Well-known game L3E7 faces cybersecurity concerns, downloading the game leads to adult websites.
- Cybersecurity company Certik accused of ransomware and cryptocurrency theft? Kraken explodes in anger, online comments: Already notorious for bad behavior