SushiSwap’s MISO Suffers USD 3M Attack, Contract Thefts May Rise

Binance DeFi Ethereum Hack Security
Last updated:
Journalist
Journalist
Sead Fadilpašić
About Author

Sead specializes in writing factual and informative articles to help the public navigate the ever-changing world of crypto. He has extensive experience in the blockchain industry, where he has served...

Last updated:
Why Trust Cryptonews
Cryptonews has covered the cryptocurrency industry topics since 2017, aiming to provide informative insights to our readers. Our journalists and analysts have extensive experience in market analysis and blockchain technologies. We strive to maintain high editorial standards, focusing on factual accuracy and balanced reporting across all areas - from cryptocurrencies and blockchain projects to industry events, products, and technological developments. Our ongoing presence in the industry reflects our commitment to delivering relevant information in the evolving world of digital assets. Read more about Cryptonews
Ad DisclosureWe believe in full transparency with our readers. Some of our content includes affiliate links, and we may earn a commission through these partnerships.
Source: Adobe/Negro Elkha

Out-in-the-open contractor theft seems to have appeared as another way to attack crypto projects – as a token launchpad front end was attacked with a malicious code, resulting in more than USD 3m stolen.

Joseph Delong, Chief Technology Officer (CTO) at decentralized exchange SushiSwap, tweeted that the MISO token launchpad built on SushiSwap has been attacked. Per his words, this was a supply chain attack, with an anonymous contractor, who’s using the GitHub handle ‘AristoK3’, injecting a malicious code into Miso’s front-end.

As for the identity behind this handle, Delong said that they “have reason to believe” it’s the Twitter user ‘eratos 1122’ who says they are a “Blockchain/Web/Mobile Developer.” Cryptonews.com has contacted eratos 1122 for comment.

The CTO further said that ETH 864.8 was stolen, currently worth over USD 3.06m. The address he shared – names ‘Miso Front End Exploiter’ – reflects this, with the transaction having taken place some sixteen hours prior to the time of writing.

Simply said, ‘front end’ refers to the user interface, that is, the elements with which users interact. A supply chain attack (aka a value-chain or third-party attack) involves a person infiltrating a system through an outside partner or provider that has the access to it. Software supply chain attacks, if successful, enable the attacker to take control of a project or its infrastructure, as they switch it to the contract address under their control.

Per Delong, who provided additional details of the attack, there was only one contract exploited – the one for the JayPegsAutoMart non-fungible token (NFT) sale. “The attacker inserted their own wallet address to replace the auctionWallet at the auction creation,” he explained, adding: “Effected auctions have all been patched.”

The team has contacted crypto exchanges FTX and Binance, he said, asking for the attacker’s know-your-customer (KYC) information, “but they have resisted on this time-sensitive matter.”

Binance replied to Delong, stating that “our team is also investigating the incident on our end and would like to connect with you directly to learn more.”

Additionally, the CTO claims that the attacker (though their number is not known yet) has done work with yearn.finance (YFI) and has also “approached many other projects” – all of which he’s urging to check their respective front ends for exploits.

Delong said that the team will file a complaint to the FBI should the funds not be returned by noon today UTC time.

All this said, this type of attack seems to be something for the projects in this nascent industry – and by extent, their users / coin holders – to be alert and aware about, and not be lulled into any false sense of safety.

“The risks associated with a supply chain attack have never been higher, due to new types of attacks, growing public awareness of the threats, and increased oversight from regulators,” said Maria Korolov, contributing writer for CSO. “Meanwhile, attackers have more resources and tools at their disposal than ever before, creating a perfect storm.”

For a popular crypto trader, known as @DegenSpartan, this incident has been “another grim reminder that we are frontier explorers and anything could happen to us and our money.”

Rari Capital’s ‘transmissions11 (t11s)’ finds that this type of attack could be “first of many to come,” adding: “Every react.js site depends on literally hundreds of thousands of packages, each of which depends on a couple hundred at least. One malicious sub-sub-sub-package update and it’s over.”

According to t11s, there may already be ways to mitigate this attack type. That said, it seems that the developing world of crypto is being opened to more attack vectors, stressing the need for vigilance with each and every step, giving how much is at stake.

Meanwhile, SUSHI dropped 8% in the past day (at 9:11 UTC), while it’s up 28% in the past week.
___
Learn more: 
Cream Finance Suffers USD 25M Flash Loan Attack 
Tether Frozen in Poly Hack Returned to Owners, Fuelling Centralization Debate 

Crypto & DeFi Custody Best Practices – A Workshop 
Anonymous Builders: Discussing Pseudonymity in DeFi 

More Articles

Blockchain News
Schiff Brands Bitcoin ‘Public Enemy #1’ Amid Bitcoin Reserve Talks
Jimmy Aki
Jimmy Aki
2024-12-09 16:05:57
Industry Talk
XRP Price Targets $5 as Whales Load Up – Is Another Surge Coming?
Joel Frank
Joel Frank
2024-12-09 16:01:49
Crypto News in numbers
editors
Authors List + 66 More
2M+
Active Monthly Users Around the World
250+
Guides and Reviews Articles
8
Years on the Market
70
International Team Authors