SushiSwap sees a $3 million supply chain attack against its MISO launchpad
- SushiSwap DEX saw a hacking attack against its token launchpad, MISO.
- The attack managed to replace the smart contract address, draining away $3 million in ETH.
- It is believed that the guilty party is already identified as Twitter’s @eratos1122.
SushiSwap (SUSHI/USD) one of the most popular decentralized crypto exchanges, recently saw a supply chain attack that targeted its token launchpad, MISO. According to what is known, the attacker managed to change a smart contract address, putting down the one they own and control. As a result, the attacker managed to raise $3 million in ETH before the attack was discovered.
The move was a result of an exploit that saw the attacker drain $3 million in Ethereum (ETH/USD) coins from the Jay Pegs Auto Mart token auction contract that was active on the launchpad at the time of the attack. The details were shared by the project’s CTO, Joseph Delong, who spoke of it openly on Twitter this Friday, September 17th.
Are you looking for fast-news, hot-tips and market analysis? Sign-up for the Invezz newsletter, today.
In total, the attacker managed to drain the platform of 864.8 ETH.
The attacker is allegedly already known
As some may already know, MISO is a permissionless token launchpad that was created within SushiSwap’s ecosystem. The platform is a part of the decentralized exchange, and it allows developers to hold token sales for their own DeFi protocols.
The incident, while unfortunate, did not affect any other project or auction before this, as Delong personally confirmed, as all other infected auctions were patched before the exploit could be used against them.
Delong further stressed that there is reason to believe that the party behind the attack is a Twitter user known as @eratos1122.
Delong also shared an Etherscan link to the wallet which is where the stolen coins are currently stored, and a document that shows a full paper trail of all transactions linked to the hacker’s address, as well as names, contact details, and social media accounts of those suspected to be involved.