An NFT auction was reportedly hacked on the SushiSwap token launchpad. The damage is said to amount to $ 3 million in Ethereum.
SushiSwap Launchpad has been hacked
According to some reports, the token platform MISO was hacked by SushiSwap. Hackers got away with 864.8 Ethereum, which equates to an unexplained value of around 3 million US dollars.
SushiSwap is one of the world’s largest decentralized exchanges (DEX), which is also Uniswap’s main competitor. According to Coingecke, the platform has a trading volume of more than $ 495 million in the last 24 hours.
MISO is a suite of open source smart contracts created to facilitate the process of launching a new project on the SushiSwap exchange.
According to the CTO of SushiSwap, Joseph Delong, MISO was the victim of a supply chain attack in which an anonymous contractor under the GutHub handle AristoK3 embedded a malicious code in the front end of the platform and replaced the auction wallet with his own address.
The NFT auction was Jay Pegs Auto Mart’s with Automotiv, which has already been patched.
According to the address shared by Delong involved in the MISO exploit, the attack occurred at 12:04 p.m. EST on Thursday.
This incident is not the first at MISO. In the past, however, the damage was less.
Last month, “samczsun”, a security researcher at Paradigm, discovered a vulnerability while examining the smart contract code of the BitDAO token sale on the MISO platform.
The researcher said the vulnerability could potentially have resulted in a loss of approximately $ 350 million.
The sale completed without a hitch and raised $ 365 million. However, the BitDAO team had to manually end the token auction in order to avert potential threats.
SushiSwap claims that there are reasons to believe that the hacker was a Twitter user with the handle @ eratos1122 who worked with Yearn.Finance and was involved in many other projects.
The Twitter profile, the Delong mentioned has, however, is a different one and not the one mentioned by SushiSwap.
Delong said SushiSwap asked the FTX and Binance crypto exchanges to reveal the hacker’s Know-Your-Customer (KYC) information. However, both exchanges did not comply with the request.
“I recommend that you test your own user interface in order to identify exploits early on.”
He also said that SushiSwap had hired the company’s attorney Stephen Palley to file a complaint with the FBI if the stolen funds were not returned by 8:00 a.m. Eastern Time on Friday.
Image @ Pixabay / License